[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*


oval:org.mitre.oval:def:289
The patch IE7-KB929969-WindowsServer2003-x86-enu.exe that addresses the vulnerabilities discussed in Microsoft Security Bulletin MS07-004 should be installed.

oval:org.mitre.oval:def:718
The patch IE7-KB928090-WindowsServer2003-x64-enu.exe that addresses the vulnerabilities discussed in Microsoft Security Bulletin MS07-016 should be installed.

oval:org.mitre.oval:def:347
The patch IE7-KB928090-WindowsServer2003-x86-enu.exe that addresses the vulnerabilities discussed in Microsoft Security Bulletin MS07-016 should be installed.

oval:org.mitre.oval:def:1162
The patch IE7-KB929969-WindowsServer2003-x64-enu.exe that addresses the vulnerabilities discussed in Microsoft Security Bulletin MS07-004 should be installed.

oval:org.mitre.oval:def:627
A version of Microsoft Internet Explorer 7 is installed.

oval:org.secpod.oval:def:5219
The host is installed with Internet Explorer 6 through 9, or 10 Consumer Preview and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fails to handle vectors related browser's protected mode. Successful exploitation could allow attackers to bypass pr ...

oval:org.mitre.oval:def:2031
Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via ...

oval:org.secpod.oval:def:6709
The host is installed with Internet Explorer 6 through 9 and is prone to an asynchronous null object access remote code execution vulnerability. A flaw is present in the application, which fails to handle deleted objects in memory. Successful exploitation could allow attackers to execute arbitrary c ...

oval:org.secpod.oval:def:6712
The host is missing a critical security update, according to Microsoft security bulletin MS12-052. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle deleted objects in memory. Successful exploitation could allow attackers to execute a ...

oval:org.secpod.oval:def:6711
The host is installed with Internet Explorer 6 through 9 and is prone to a virtual function table corruption vulnerability. A flaw is present in the application, which fails to handle deleted objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6710
The host is installed with Internet Explorer 6 and 7 and is prone to a layout memory corruption vulnerability. A flaw is present in the application, which fails to handle deleted objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:10847
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation allows attackers to execute arbitrary cod ...

oval:org.secpod.oval:def:21590
The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:10741
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ...

oval:org.secpod.oval:def:10742
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ...

oval:org.secpod.oval:def:10743
The host is missing a critical security update according to Microsoft Security bulletin MS13-028. The update is required to fix multiple use-after-free vulnerabilities. The flaws are present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Succes ...

oval:org.secpod.oval:def:43962
Microsoft Internet Explorer is prone to a denial-of-service vulnerability. A flaw is present in internet explorer, which fails to handle some exceptional conditions. Successful exploits can allow attackers to hang the affected browser, resulting in denial-of-service conditions.

oval:org.mitre.oval:def:1902
Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that triggers memory corruption, aka "Language Pack Installation Vulnerability."

oval:org.mitre.oval:def:1058
Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer propert ...

oval:org.mitre.oval:def:1120
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193.

oval:org.secpod.oval:def:3467
The host is installed with Microsoft Internet Explorer 6 or 7 or 8 or 9 and is prone to information disclosure vulnerability. A flaw is present in the application, which does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts. Successful explo ...

oval:gov.nist.USGCB.ie7:def:604
This policy setting determines if the Internet Connection Wizard was completed. If it was not completed, it launches the Internet Connection Wizard.

oval:gov.nist.USGCB.ie7:def:645
This AutoComplete feature can remember and suggest User names and passwords on Forms. If you enable this setting, the user cannot change "User name and passwords on forms" or "prompt me to save passwords".

oval:gov.nist.USGCB.ie7:def:2039
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.

oval:org.mitre.oval:def:1978
Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka "Uninitialized Memory Corruption Vulnerability."

oval:org.secpod.oval:def:5096
The host is installed with Microsoft Internet Explorer 6 through 8 and is prone to a VML style remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code ...

oval:org.secpod.oval:def:1199
The host is installed with Microsoft Internet Explorer and is prone to link properties handling memory corruption vulnerability. A flaw is present in the browser, which fails to handle link properties object. Successful exploitation could allow remote attackers to execute arbitrary code or gain sens ...

oval:org.secpod.oval:def:3431
The host is installed with Internet Explorer 6 or 7 or 8 or 9 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to properly handle Web pages. Successful exploitation allows attackers to to view content from a different domain or Internet Explorer ...

oval:org.secpod.oval:def:3432
The host is missing an important security update according to Microsoft security bulletin, MS11-099. The update is required to fix information disclosure and remote code execution vulnerabilities. The flaws are present in the applications, which fail to properly handle XSS Filter and loading of libr ...

oval:org.secpod.oval:def:1450
The host is installed with Microsoft Internet Explorer and is prone to memory corruption vulnerability. A flaw is present in the browser, which fails to access an object that has not been properly initialized or has been deleted. Successful exploitation could allow remote attackers to execute arbitr ...

oval:org.secpod.oval:def:1451
The host is installed with Microsoft Internet Explorer and is prone to HTTP Redirect memory corruption vulnerability. A flaw is present in the browser, which fails to access an object that has not been properly initialized or has been deleted. Successful exploitation could allow remote attackers to ...

oval:org.secpod.oval:def:1203
The host is installed with Microsoft Internet Explorer and is prone to time element memory corruption vulnerability. A flaw is present in the browser, which fails to access an object that has not been properly initialized or has been deleted. Successful exploitation could allow remote attackers to e ...

oval:org.secpod.oval:def:1202
The host is installed with Microsoft Internet Explorer and is prone to drag and drop memory corruption vulnerability. A flaw is present in the browser, which fails to access an object that has not been properly initialized or has been deleted. Successful exploitation could allow remote attackers to ...

oval:org.secpod.oval:def:1204
The host is installed with Microsoft Internet Explorer and is prone to DOM modification memory corruption vulnerability. A flaw is present in the browser, which fails to access an object that has not been properly initialized or has been deleted. Successful exploitation could allow remote attackers ...

oval:org.secpod.oval:def:1206
The host is missing a Critical security update according to Microsoft security bulletin, MS11-052. The update is required to fix remote code execution vulnerability. A flaw is present in the way that Microsoft Internet Explorer 6/7/8 accesses an object that has not been correctly initialized or has ...

oval:org.secpod.oval:def:1448
The host is installed with Microsoft Internet Explorer and is prone to drag and drop information disclosure vulnerability. A flaw is present in the browser, which fails to handle a crafted Web page. Successful exploitation could allow remote attackers to execute arbitrary code or gain sensitive info ...

oval:org.secpod.oval:def:4137
The host is installed with Internet Explorer 6,7,8 or 9 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly perform copy-and-paste operations. Successful exploitation could allow attackers to read content from a different (1) domain ...

oval:org.secpod.oval:def:4138
The host is installed with Internet Explorer 7,8 or 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle access to a deleted object. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:4136
The host is missing a critical security update according to Microsoft bulletin, MS12-010. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a specially crafted web page. Successful exploitation could allow attackers to execute arb ...

oval:org.secpod.oval:def:1764
The host is installed with Microsoft Internet Explorer and is prone to memory corruption vulnerability. A flaw is present in the browser, which fails to validate a specially crafted Web page disguised as legitimate content. Successful exploitation could allow remote attackers to execute arbitrary co ...

oval:org.secpod.oval:def:1763
The host is installed with Microsoft Internet Explorer and is prone to window open race condition remote code execution vulnerability. A flaw is present in the browser, which fails to handle a object that has been corrupted due to a race condition. Successful exploitation could allow remote attacker ...

oval:org.secpod.oval:def:1766
The host is installed with Microsoft Internet Explorer and is prone to memory corruption vulnerability. A flaw is present in the browser, which allow script to gain access to information in another domain or Internet Explorer zone when a specially crafted strings in to a web site. Successful exploit ...

oval:org.secpod.oval:def:1765
The host is installed with Microsoft Internet Explorer and is prone to memory corruption vulnerability. A flaw is present in the browser telnet URI handler, which fails to access an object that has not been properly initialized or has been deleted. Successful exploitation could allow remote attacker ...

oval:org.secpod.oval:def:1768
The host is installed with Microsoft Internet Explorer and is prone to memory corruption vulnerability. A flaw is present in the browser, which fails to access an object that has not been properly initialized or has been deleted. Successful exploitation could allow remote attackers to execute arbitr ...

oval:org.secpod.oval:def:1767
The host is installed with Microsoft Internet Explorer and is prone to memory corruption vulnerability. A flaw is present in the browser, which fails to access an object that has not been properly initialized or has been deleted. Successful exploitation could allow remote attackers to execute arbitr ...

oval:org.secpod.oval:def:5094
The host is installed with Microsoft Internet Explorer 6 or 7 and is prone to an OnReadyStateChange remote code execution vulnerability. A flaw is present in the application, which fails to handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:5092
The host is installed with Microsoft Internet Explorer 6 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a crafted HTML document. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:5097
The host is missing a critical security update according to Microsoft security bulletin, MS12-023. The update is required to fix multiple remote code execution vulnerabilities. The flaws are present in the application, which fails to properly handle malicious data. Successful exploitation could allo ...

oval:org.secpod.oval:def:5095
The host is installed with Microsoft Internet Explorer 6 through 9 and is prone to a SelectAll remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code ...

oval:org.secpod.oval:def:6992
The host is installed with Microsoft Internet Explorer 6 through 9 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6997
The host is missing a critical security update according to Microsoft security bulletin, MS12-063. The update is required to fix multiple use after free vulnerabilities. The flaws are present in the application, which fails to handle a crafted web site. Successful exploitation could allow attackers ...

oval:org.secpod.oval:def:6996
The host is installed with Microsoft Internet Explorer 6 through 8 and is prone to an cloneNode use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to exec ...

oval:org.mitre.oval:def:1784
Integer underflow in the CDownloadSink class code in the Vector Markup Language (VML) component (VGX.DLL), as used in Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code via compressed content with an invalid buffer size, which triggers a heap-based buffer overflow.

oval:org.mitre.oval:def:2109
The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explorer 5.01, 6 SP1, and 7 uses an incorrect IObjectsafety implementation, which allows remote attackers to execute arbitrary code by requesting the HelpString property, involving a crafted DLL file argument to the TypeLibInfoFromFile ...

oval:org.mitre.oval:def:2162
Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers.

oval:org.mitre.oval:def:2232
Unspecified vulnerability in the pdwizard.ocx ActiveX object for Internet Explorer 5.01, 6 SP1, and 7 allows remote attackers to execute arbitrary code via unknown vectors related to Microsoft Visual Basic 6 objects and memory corruption, aka "ActiveX Object Memory Corruption Vulnerability."

oval:org.mitre.oval:def:2244
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to spoof the URL address bar and other "trust UI" components via unspecified vectors, a different issue than CVE-2007-1091 and CVE-2007-3826.

oval:org.mitre.oval:def:2284
Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via unspecified vectors involving memory corruption from an unhandled error.

oval:org.mitre.oval:def:2324
Microsoft Internet Explorer 7 on Windows XP SP2 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via repeated document.open function calls after a user requests a new page, but before the onBeforeUnload function is called.

oval:org.mitre.oval:def:282
The patch IE7-KB928090-WindowsServer2003-ia64-enu.exe that addresses the vulnerabilities discussed in Microsoft Security Bulletin MS07-016 should be installed.

oval:org.mitre.oval:def:283
The patch IE7-KB928090-WindowsXP-x86-enu.exe that addresses the vulnerabilities discussed in Microsoft Security Bulletin MS07-016 should be installed.

oval:org.mitre.oval:def:286
The patch IE7-KB929969-WindowsServer2003-x64-enu.exe that addresses the vulnerabilities discussed in Microsoft Security Bulletin MS07-004 should be installed.

oval:org.mitre.oval:def:4332
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability."

oval:org.mitre.oval:def:4480
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a d ...

oval:org.mitre.oval:def:4553
Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of "Uninitialized Memory Corr ...

oval:org.mitre.oval:def:4582
Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized M ...

oval:org.mitre.oval:def:679
The patch IE7-KB929969-WindowsServer2003-ia64-enu.exe that addresses the vulnerabilities discussed in Microsoft Security Bulletin MS07-004 should be installed.

oval:org.mitre.oval:def:684
The patch IE7-KB929969-WindowsXP-x86-enu.exe that addresses the vulnerabilities discussed in Microsoft Security Bulletin MS07-004 should be installed.

oval:org.mitre.oval:def:748
The patch IE7-KB928090-WindowsServer2003-x64-enu.exe that addresses the vulnerabilities discussed in Microsoft Security Bulletin MS07-016 should be installed.

oval:org.mitre.oval:def:4904
Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability."

oval:org.mitre.oval:def:13255
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "Event ...

oval:org.mitre.oval:def:1141
The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.

oval:org.mitre.oval:def:257
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697.

oval:org.secpod.oval:def:10948
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ...

oval:org.secpod.oval:def:10958
The host is missing a critical security update according to Microsoft Security bulletin MS13-037. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitati ...

oval:org.secpod.oval:def:10950
The host is installed with Microsoft Internet Explorer 6 through 8 and is prone to JSON array information disclosure vulnerability. A flaw is present in the application, which fails to properly restrict data access by VBScript. Successful exploitation could allow attackers to perform cross-domain re ...

oval:org.secpod.oval:def:10953
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ...

oval:org.secpod.oval:def:10954
The host is installed with Microsoft Internet Explorer 6 or 7 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbitrary c ...

oval:org.secpod.oval:def:10957
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ...

oval:gov.nist.USGCB.ie7:def:1119
Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Turn Off First- Run Opt-In

oval:org.secpod.oval:def:14193
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14191
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:gov.nist.USGCB.ie7:def:1113
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.

oval:gov.nist.USGCB.ie7:def:1355
Prevents users from running the Internet Connection Wizard. If you enable this policy, the Setup button on the Connections tab in the Internet Options dialog box appears dimmed.

oval:org.secpod.oval:def:14194
The host is missing a critical security update according to Microsoft security bulletin, MS13-047. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to properly handle a deleted object in memory. Successful exploitation co ...

oval:org.secpod.oval:def:14178
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:gov.nist.USGCB.ie7:def:1379
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.

oval:org.secpod.oval:def:14175
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:gov.nist.USGCB.ie7:def:1384
Prevents branding of Internet programs, such as customization of Internet Explorer and Outlook Express logos and title bars, by another party.

oval:org.secpod.oval:def:14180
The host is installed with Microsoft Internet Explorer 7, 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14185
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:2050
The host is installed with Microsoft Internet Explorer and is prone to security-bypass vulnerability. A flaw is present in the application which fails to properly restrict modifications to cookies established in HTTPS sessions. Successful exploitation allows attackers to bypass security features pro ...

oval:gov.nist.USGCB.ie7:def:1322
This policy setting prevents performance of the First Run Customize settings ability and controls what the user will see when they launch Internet Explorer for the first time after installation of Internet Explorer.

oval:org.secpod.oval:def:16188
The host is installed with Microsoft Internet Explorer 6, 7, 8 or 9 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to handle an object in memory. Successful exploitation allows attackers to execute arbitrary code in the context of the current u ...

oval:gov.nist.USGCB.ie7:def:1108
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.

oval:gov.nist.USGCB.ie7:def:1109
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically.

oval:gov.nist.USGCB.ie7:def:1100
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked. If you enable this policy setting, most unwanted pop-up windows are prevented from appearing.

oval:org.secpod.oval:def:16776
The host is installed with Microsoft Internet Explorer 6, 7 or 8 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or cause a deni ...

oval:gov.nist.USGCB.ie7:def:1199
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you enable this policy, users can download signed controls without user intervention.

oval:org.mitre.oval:def:5820
Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "HTML Object Memory Corruption Vulnerability."

oval:org.secpod.oval:def:16766
The host is installed with Microsoft Internet Explorer 6, 7, 8, 9 or 10 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or cause ...

oval:gov.nist.USGCB.ie7:def:1153
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.

oval:org.secpod.oval:def:31728
The host is installed with Internet Explorer 7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current u ...

oval:org.secpod.oval:def:31729
The host is installed with Internet Explorer 7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current u ...

oval:gov.nist.USGCB.ie7:def:1166
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.

oval:gov.nist.USGCB.ie7:def:1171
This policy setting prevents users from participating in the Customer Experience Improvement Program (CEIP).

oval:gov.nist.USGCB.ie7:def:1174
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.

oval:gov.nist.USGCB.ie7:def:1179
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked. If you enable this policy setting, most unwanted pop-up windows are prevented from appearing.

oval:org.secpod.oval:def:15461
The host is installed with Internet Explorer 6, 7, 8, 9, or 10 and is prone to remote code execution vulnerability. The flaw is present in the application, which fails to properly handle an object in memory that has been deleted or has not been properly allocated. Successful exploitation allows atta ...

oval:gov.nist.USGCB.ie7:def:1183
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.

oval:gov.nist.USGCB.ie7:def:1181
The Make proxy settings per - machine (rather than per-user) setting ensures proxy settings for all users of the same computer are the same.

oval:gov.nist.USGCB.ie7:def:1187
This setting specifies the update check interval. The default value is 30 days. If you enable this policy setting, the user will not be able to configure the update check interval. You have to specify the update check interval.

oval:gov.nist.USGCB.ie7:def:1184
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered.

oval:org.mitre.oval:def:5602
Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a different vulnerability than CVE-2008-2254, aka "HTML Object Memory Corruption Vulnerability."

oval:org.mitre.oval:def:11574
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerabilit ...

oval:org.secpod.oval:def:15982
The host is installed with Microsoft Internet Explorer 6, 7, 8, 9 or 10 and is prone to a information disclosure vulnerability. The flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to bypass the Same Origin Policy and obtain sensit ...

oval:org.secpod.oval:def:15983
The host is installed with Microsoft Internet Explorer 6, 7 or 8 and is prone to a information disclosure vulnerability. The flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to read content from a different domain or zone via craft ...

oval:org.secpod.oval:def:15984
The host is installed with Microsoft Internet Explorer 6, 7, 8 or 9 and is prone to a memory corruption vulnerability. The flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service.

oval:gov.nist.USGCB.ie7:def:1753
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.

oval:gov.nist.USGCB.ie7:def:1516
This AutoComplete feature suggests possible matches when users are filling up forms. If you enable this setting, the user is not suggested matches when filling forms. The user cannot change it.

oval:org.mitre.oval:def:5266
Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order," aka "HTML Objects Memory Corruption V ...

oval:org.mitre.oval:def:11994
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability ...

oval:org.secpod.oval:def:704
The host is installed with Microsoft Internet Explorer and is prone to information disclosure vulnerability. A flaw is present in the browser, which fails to handle malicious data in frame tags. Successful exploitation could allow remote attackers to obtain sensitive information.

oval:org.secpod.oval:def:16190
The host is installed with Microsoft Internet Explorer 7 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to handle an object in memory. Successful exploitation allows attackers to execute arbitrary code in the context of the current user.

oval:org.mitre.oval:def:5487
Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability."

oval:org.mitre.oval:def:5481
Stack-based buffer overflow in certain ActiveX controls in (1) FPOLE.OCX 6.0.8450.0 and (2) Foxtlib.ocx, as used in the Microsoft Visual FoxPro 6.0 fpole 1.0 Type Library; and Internet Explorer 5.01, 6 SP1 and SP2, and 7; allows remote attackers to execute arbitrary code via a long first argument to ...

oval:org.secpod.oval:def:78
The host is installed with Microsoft Internet Explorer is prone to Cascading Style Sheets (CSS) memory corruption vulnerability. A flaw is present in the application, which fails to properly handle recursive memory access while importing a CSS. Successful exploitation could allow attackers to gain t ...

oval:org.secpod.oval:def:14823
The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to cross-site-scripting (XSS) vulnerability. A flaw is present in the application, which fails to properly handle certain character sequences. Successful exploitation allows attackers to perform cross-site scripting attacks.

oval:gov.nist.USGCB.ie7:def:31105
This policy setting controls whether or not the 'Open File - Security Warning' prompt is shown when launching executables or other unsafe files.

oval:gov.nist.USGCB.ie7:def:31108
The Restrict ActiveX Install\Internet Explorer Processes policy setting enables blocking of ActiveX control installation prompts for Internet Explorer processes.

oval:org.secpod.oval:def:2527
The host is installed with Microsoft Internet Explorer 6,7,8 or 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle deleted elements. Successful exploitation could allow an attacker to execute arbitrary code.

oval:gov.nist.USGCB.ie7:def:31103
This policy setting controls whether a page may control embedded WebBrowser Controls via script

oval:org.secpod.oval:def:2529
The host is installed with Microsoft Internet Explorer 6,7,8 and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to properly handle deleted elements. Successful exploitation could allow an attacker to execute arbitrary code.

oval:gov.nist.USGCB.ie7:def:31104
This policy setting controls whether or not the local path information will be sent when uploading a file via a HTML form.

oval:org.secpod.oval:def:2528
The host is installed with Internet Explorer 6,7,8 or 9 and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to handle an improperly initialized object. Successful exploitation could allow attackers to execute arbitrary code.

oval:gov.nist.USGCB.ie7:def:31100
This policy setting controls whether or not the 'Open File - Security Warning' prompt is shown when launching executables or other unsafe files.

oval:gov.nist.USGCB.ie7:def:1986
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.

oval:org.secpod.oval:def:2534
The host is installed with Microsoft Internet Explorer 6,7,8 or 9 and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to properly handle a virtual function table after it has been corrupted. Successful exploitation could allow an attacker to execu ...

oval:org.secpod.oval:def:2533
The host is installed with Microsoft Internet Explorer 6,7,8 or 9 and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to properly handle deleted elements. Successful exploitation could allow an attacker to execute arbitrary code.

oval:org.secpod.oval:def:2535
The host is missing a critical security update according to MS11-081. The update is required to fix multiple remote code execution vulnerabilities. The flaws are present in the applications, which fail to handle specially crafted webpage. Successful exploitation could allow attackers to gain same us ...

oval:org.secpod.oval:def:14814
The host is installed with Internet Explorer 7, 8, 9 or 10 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly access an object in memory. Successful exploitation allows attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:14815
The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly access an object in memory. Successful exploitation allows attackers to execute arbitrary code in the context of the current us ...

oval:gov.nist.USGCB.ie7:def:1238
The Configure Outlook Express setting allows administrators to enable and disable the ability for Microsoft Outlook Express users to save or open attachments that can potentially contain a virus.

oval:org.secpod.oval:def:8960
The host is installed with Internet Explorer 6 or 7 or 8 or 9 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to properly handle UNC share pathname in the SRC attribute of a SCRIPT element. Successful exploitation allows attackers to obtain sen ...

oval:gov.nist.USGCB.ie7:def:1234
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars. If you enable this policy setting, Windows Restrictions security will not apply in this zone.

oval:gov.nist.USGCB.ie7:def:1019
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you enable this policy, users can download signed controls without user intervention.

oval:org.secpod.oval:def:14298
The host is installed with Microsoft Internet Explorer 6, 7, 8, 9 or 10 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly process a HTML webpage. Successful exploitation could allow attackers to inject arbitrary web script or HTML via ...

oval:org.secpod.oval:def:14295
The host is installed with Microsoft Internet Explorer 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly process a webpage. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of servic ...

oval:org.secpod.oval:def:14293
The host is installed with Microsoft Internet Explorer 6, 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly process a webpage. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of ser ...

oval:org.secpod.oval:def:15397
The host is installed with Internet Explorer 7, 8, 9 or 10 and is prone to memory corruption vulnerability. The flaw is present in the application, which fails to properly handle crafted webpage. Successful exploitation allows attackers to execute arbitrary code and gain the user rights as the curre ...

oval:org.secpod.oval:def:15398
The host is installed with Internet Explorer 6, 7 or 8 and is prone to memory corruption vulnerability. The flaw is present in the application, which fails to properly handle crafted webpage. Successful exploitation allows attackers to execute arbitrary code and gain the user rights as the current u ...

oval:org.secpod.oval:def:15392
The host is missing a critical security update according to Microsoft bulletin, MS13-069. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly access an object in memory. Successful exploitation allows attackers to execute arbitrar ...

oval:gov.nist.USGCB.ie7:def:1437
Prevents users from restoring default settings for home and search pages. If you enable this policy, the Reset Web Settings button on the Programs tab in the Internet Options dialog box appears dimmed.

oval:org.mitre.oval:def:5913
Microsoft Internet Explorer 6 and 7 does not perform proper "argument validation" during print preview, which allows remote attackers to execute arbitrary code via unknown vectors, aka "HTML Component Handling Vulnerability."

oval:gov.nist.USGCB.ie7:def:1206
This policy setting specifies if, as you move from one Web page to another, Internet Explorer fades out of the page you are leaving and fades into the page to which you are going. If you enable this policy setting, page transitions will be turned off.

oval:gov.nist.USGCB.ie7:def:31098
This policy setting controls whether a page may control embedded WebBrowser Controls via script

oval:gov.nist.USGCB.ie7:def:31099
This policy setting controls whether or not the local path information will be sent when uploading a file via a HTML form.

oval:org.mitre.oval:def:5901
Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of ...

oval:gov.nist.USGCB.ie7:def:1699
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.

oval:gov.nist.USGCB.ie7:def:1218
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.

oval:gov.nist.USGCB.ie7:def:1219
This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.

oval:gov.nist.USGCB.ie7:def:1694
The Do not allow users to enable or disable add-ons policy setting allows you to manage whether users have the ability to allow or deny add-ons through Manage Add-ons.

oval:gov.nist.USGCB.ie7:def:31061
This policy setting allows you to manage whether scriptlets can be allowed. If you enable this policy setting, users will be able to run scriptlets. If you disable this policy setting, users will not be able to run scriptlets.

oval:gov.nist.USGCB.ie7:def:1229
This policy setting allows you to manage the opening of sub-frames and access of applications across different domains. If you enable this policy setting, users can open sub-frames from other domains and access applications from other domains.

oval:org.mitre.oval:def:12055
Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than C ...

oval:gov.nist.USGCB.ie7:def:1083
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If you enable this policy setting, users can drag files or copy and paste files from this zone automatically.

oval:org.mitre.oval:def:12279
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerabilit ...

oval:gov.nist.USGCB.ie7:def:1277
Applies security zone information to all users of the same computer. A security zone is a group of Web sites with the same security level. If you enable this policy, changes that the user makes to a security zone will apply to all users of that computer.

oval:gov.nist.USGCB.ie7:def:1040
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts.

oval:org.secpod.oval:def:14288
The host is installed with Microsoft Internet Explorer 6, 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly process a webpage. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of ser ...

oval:org.secpod.oval:def:14289
The host is installed with Microsoft Internet Explorer 7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly process a webpage. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service via a ...

oval:org.secpod.oval:def:14287
The host is installed with Microsoft Internet Explorer 6, 7, 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly process a webpage. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:gov.nist.USGCB.ie7:def:1043
This policy setting allows you to manage whether scriptlets can be allowed. If you enable this policy setting, users will be able to run scriptlets. If you disable this policy setting, users will not be able to run scriptlets.

oval:gov.nist.USGCB.ie7:def:1285
This setting specifies to automatically detect the proxy server settings used to connect to the Internet and customize Internet Explorer.

oval:org.secpod.oval:def:14281
The host is missing a critical security update according to Microsoft security bulletin, MS13-055. The update is required to fix multiple remote code execution vulnerabilities. The flaws are present in the application, which fails to properly handle crafted webpage. Successful exploitation could all ...

oval:org.secpod.oval:def:14282
The host is installed with Microsoft Internet Explorer 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly process a web script. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of ser ...

oval:org.mitre.oval:def:5720
Heap-based buffer overflow in the substringData method in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code, related to an unspecified manipulation of a DOM object before a call to this method, aka the "HTML Objects Memory Corruption Vulnerability."

oval:org.secpod.oval:def:2623
The host is missing a critical security update according to Microsoft bulletin, MS08-045. The update is required to fix multiple remote code execution vulnerabilities. The flaws are present in the application, which fails to handle a specially crafted web page. Successful exploitation could allow at ...

oval:org.secpod.oval:def:2626
The host is missing a critical security update according to bulletin, MS08-078. The update is required to fix multiple remote code execution vulnerabilities. The flaw are present in the application, which fails to handle a specially crafted Web page. Successful exploitation could allow remote code e ...

oval:gov.nist.USGCB.ie7:def:9998
Computer-wide, rather than per-user, assignment of sites to zones for Internet Explorer should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:451
The host is installed with Microsoft Internet Explorer and is prone to arbitrary code execution vulnerability. A flaw is present in the browser, which allows bypassing DEP (data execution prevention) and ASLR (address space layout randomization) protection mechanisms used in IE Protected Mode sandbo ...

oval:gov.nist.USGCB.ie7:def:62199
The "Turn on Protected Mode" setting should be configured correctly for the Restricted Sites Zone.

oval:org.secpod.oval:def:2629
The host is missing a critical security update according to Microsoft bulletin, MS08-024. The update is required to fix a remote code execution vulnerability. A flaw is present in the application. which fails to handle a specially crafted web page. Successful exploitation could allow attackers to ex ...

oval:org.mitre.oval:def:12322
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability. ...

oval:org.secpod.oval:def:15642
The host is installed with Microsoft Internet Explorer 6, 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service.

oval:org.mitre.oval:def:11447
Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than C ...

oval:org.secpod.oval:def:15651
The host is missing a critical security update according to Microsoft security bulletin, MS13-080. The update is required to fix multiple memory corruption vulnerabilities. The flaw are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to c ...

oval:org.secpod.oval:def:16988
The host is installed with Internet Explorer 6 through 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user or execut ...

oval:org.secpod.oval:def:16987
The host is installed with Internet Explorer 6 through 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user or execut ...

oval:org.secpod.oval:def:26520
The host is installed with Internet Explorer 7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the currently logge ...

oval:org.mitre.oval:def:5563
Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption, as demonstrated using an invalid MIME-type that does not have a registered handler.

oval:org.mitre.oval:def:6000
Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulne ...

oval:org.mitre.oval:def:6007
Use-after-free vulnerability in mshtml.dll in Microsoft Internet Explorer 5.01, 6, and 7 on Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a crafted XML document containing nested SPAN elements, as exploited ...

oval:gov.nist.USGCB.ie7:def:1404
The Security Zones: Do not allow users to change policies setting prevents users from changing security zone settings. A security zone is a group of Web sites with the same security level.

oval:gov.nist.USGCB.ie7:def:1883
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.

oval:gov.nist.USGCB.ie7:def:1400
The Security Zones: Do not allow users to add/delete sites setting prevents users from adding or removing sites from security zones. A security zone is a group of Web sites with the same security level.

oval:gov.nist.USGCB.ie7:def:1419
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.

oval:gov.nist.USGCB.ie7:def:31024
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this policy setting, script is allowed to update the status bar.

oval:gov.nist.USGCB.ie7:def:31035
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer.

oval:gov.nist.USGCB.ie7:def:1422
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.

oval:gov.nist.USGCB.ie7:def:31036
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer.

oval:org.mitre.oval:def:5366
Microsoft Internet Explorer 5.01, 6, and 7 does not properly handle objects that have been incorrectly initialized or deleted, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "Uninitialized Memory Corruption Vulnerability."

oval:org.mitre.oval:def:11853
Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to an object in memory, aka "Race Condition Memory Corruption Vulnerability."

oval:org.mitre.oval:def:11606
The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory addr ...

oval:org.secpod.oval:def:9294
The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9295
The host is installed with Internet Explorer 6, 7, 8, 9 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.mitre.oval:def:11832
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Layout Memory Corruption Vulnerability."

oval:org.mitre.oval:def:6025
Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order" with "particular functions ... perform ...

oval:org.secpod.oval:def:9286
The host is installed with Internet Explorer 6, 7, 8 or 9 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:8193
The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to an InjectHTMLStream use-after-free vulnerability. A flaw is present in the application, which fails to handle a deleted object. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9284
The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9285
The host is installed with Internet Explorer 6, 7, 8 or 9 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:16185
The host is installed with Microsoft Internet Explorer 7, 8, 9, 10 or 11 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate permissions. Successful exploitation allows attackers to gain elevation of privilege.

oval:org.secpod.oval:def:16186
The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to handle an object in memory. Successful exploitation allows attackers to execute arbitrary code in the context of the c ...

oval:org.secpod.oval:def:15980
The host is missing a critical security update according to Microsoft security bulletin, MS13-088. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to ...

oval:org.secpod.oval:def:15990
The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. The flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:15988
The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. The flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:15641
The host is installed with Microsoft Internet Explorer 6, 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:15650
The host is installed with Microsoft Internet Explorer 6, 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:16187
The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to handle an object in memory. Successful exploitation allows attackers to execute arbitrary code in the context of the c ...

oval:org.secpod.oval:def:17002
The host is missing a critical security update according to Microsoft security bulletin, MS14-012. The update is required to fix multiple memory corruption vulnerabilities.The flaws are present in the application, which fails to properly handle objects in memory. Successful exploitation could allow ...

oval:org.secpod.oval:def:16771
The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or c ...

oval:org.secpod.oval:def:16781
The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or c ...

oval:org.secpod.oval:def:16780
The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or c ...

oval:org.secpod.oval:def:16995
The host is installed with Internet Explorer 6 through 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user or execu ...

oval:org.secpod.oval:def:16757
The host is installed with VBScript engine 5.6, 5.7 or 5.8 or Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitra ...

oval:org.secpod.oval:def:16990
The host is installed with Internet Explorer 6 through 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user or execu ...

oval:org.secpod.oval:def:16762
The host is missing a critical security update according to Microsoft bulletin, MS14-010. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle certain vectors related to memory. Successful exploitation allows attackers to execute arb ...

oval:org.secpod.oval:def:16191
The host is missing a critical security update according to Microsoft bulletin, MS13-097. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly validate permissions and handle an object in memory. Successful exploitation allows atta ...

oval:org.secpod.oval:def:16984
The host is installed with Internet Explorer 6 through 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user or execu ...

oval:org.secpod.oval:def:19864
The host is installed with IE 6,7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:18542
The host is missing a critical security update according to Microsoft bulletin, MS14-029. The update is required to fix remote code execution vulnerability. The flaws are present in the application, which fails to handle certain vectors related to memory. Successful exploitation allows attackers to ...

oval:org.secpod.oval:def:18541
The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code ...

oval:org.secpod.oval:def:18540
The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code ...

oval:org.secpod.oval:def:19814
The host is installed with IE 6,7,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:19815
The host is installed with IE 6,7,8,9,10 or 11 and is prone to a TLS server certificate renegotiation vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:19810
The host is installed with IE 6,7,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:19811
The host is installed with IE 7,8,9,10 or 11 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:19809
The host is installed with IE 6,7,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:19808
The host is missing a critical security update according to Microsoft security bulletin, MS14-035. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rig ...

oval:org.secpod.oval:def:19858
The host is installed with IE 6 or 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:19859
The host is installed with IE 6,7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:19822
The host is installed with IE 6,7,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:19819
The host is installed with IE 6,7,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:19837
The host is installed with IE 6,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:19833
The host is installed with IE 7,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:17584
The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or c ...

oval:org.secpod.oval:def:17583
The host is missing a critical security update according to Microsoft bulletin, MS14-021. The update is required to fix memory corruption vulnerability. The flaws are present in the application, which fails to handle certain vectors related to memory. Successful exploitation allows attackers to exec ...

oval:org.secpod.oval:def:17397
The host is missing a critical security update according to Microsoft bulletin, MS14-018. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted website. Successful exploitation allows attacker to execute arbitrary code in the ...

oval:org.secpod.oval:def:17396
The host is installed with Microsoft Internet Explorer 6, 7, 8 or 9 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation allows attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:17395
The host is installed with Microsoft Internet Explorer 6 or 7 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation allows attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:19842
The host is installed with IE 6,7,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:19839
The host is installed with IE 6,7,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:19849
The host is installed with IE 6,7,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:20798
The host is installed with Internet Explorer 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:20116
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:20114
The host is installed with Internet Explorer 6, 7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:20122
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:20123
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:20107
The host is installed with Internet Explorer 6 or 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:20104
The host is installed with Internet Explorer 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:20102
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:20103
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a Extended Validation (EV) certificate security feature bypass vulnerability. A flaw is present in the application , which force to prevent the use of wildcard certificates. Successful exploitation could allow attackers t ...

oval:org.secpod.oval:def:20112
The host is installed with Internet Explorer 6 or 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:20125
The host is missing a critical security update according to Microsoft bulletin, MS14-037. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to properly access objects in memory. Successful exploitation could allow attacker ...

oval:org.secpod.oval:def:21390
The host is missing a critical security update according to Microsoft bulletin, MS14-056. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly access objects in memory or handle a crafted webpage. Successful exploitation could allo ...

oval:org.secpod.oval:def:21379
The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to elevate privileges in affected versions of Internet Explore ...

oval:org.secpod.oval:def:21380
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to elevate privileges in affected versions of Internet Exp ...

oval:org.secpod.oval:def:21385
The host is installed with Internet Explorer 6, 7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to elevate privileges in affected versions of Internet Explorer.

oval:org.secpod.oval:def:21386
The host is installed with Internet Explorer 6 or 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to elevate privileges in affected versions of Internet Explorer.

oval:org.secpod.oval:def:21384
The host is installed with Internet Explorer 6 or 7 and is prone to a elevation of privilege vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to elevate privileges in affected versions of Internet Explorer.

oval:org.secpod.oval:def:21574
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:21573
The host is missing a critical security update according to Microsoft bulletin, MS14-065. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly access objects in memory or to handle a crafted webpage. Successful exploitation could a ...

oval:org.secpod.oval:def:21376
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a elevation of privilege vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to elevate privileges in affected versions of Internet E ...

oval:org.secpod.oval:def:21377
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a elevation of privilege vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to elevate privileges in affected versions of Internet E ...

oval:org.secpod.oval:def:21587
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a clipboard information disclosure vulnerability. A flaw is present in the application, which does not properly restrict access to the clipboard of a user who visits a website. Successful exploitation could allow attacker ...

oval:org.secpod.oval:def:21578
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:21577
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a cross-domain information disclosure vulnerability. A flaw is present in the application, which does not properly enforce cross-domain policies. Successful exploitation could allow an attacker to gain access to inform ...

oval:org.secpod.oval:def:21050
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a information disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to detect anti-malware applications in use on a targe ...

oval:org.secpod.oval:def:21057
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21058
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21055
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21056
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21053
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21054
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21051
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21052
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21086
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21087
The host is missing a critical security update according to Microsoft bulletin, MS14-052. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly access objects in memory or handle a crafted webpage. Successful exploitation could allo ...

oval:org.secpod.oval:def:21070
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21078
The host is installed with Internet Explorer 6 through 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service.

oval:org.secpod.oval:def:21075
The host is installed with Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service.

oval:org.secpod.oval:def:21059
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21060
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21061
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21068
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21069
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21066
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21067
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21064
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21065
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21062
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21063
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21866
The host is installed with Internet Explorer 6, 7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:21871
The host is missing a critical security update according to Microsoft bulletin, MS14-080. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle a crafted website or crafted content. Successful exploitation could allow attacke ...

oval:org.secpod.oval:def:21857
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:21861
The host is installed with Internet Explorer 6 or 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:23508
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:23505
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:23504
The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:23503
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:23500
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:23789
The host is missing a critical security update according to Microsoft bulletin, MS15-018. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle a specially crafted webpage. Successful exploitation could allow attackers to gai ...

oval:org.secpod.oval:def:23788
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which does not properly enforce cross-domain policies. Successful exploitation could allow attackers to access information from one domain and ...

oval:org.secpod.oval:def:23539
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a cross-domain information disclosure vulnerability. A flaw is present in the application, which does not properly enforce cross-domain policies. Successful exploitation could allow an attacker to gain access to inform ...

oval:org.secpod.oval:def:23779
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:23778
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:23534
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which does not properly validate permissions under specific conditions, potentially allowing script to be run with elevated privileges. Successful e ...

oval:org.secpod.oval:def:23524
The host is installed with Internet Explorer 6, 7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:23532
The host is installed with Internet Explorer 6, 7, 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:23530
The host is installed with Internet Explorer 6, 7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:23515
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:23513
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:23512
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:23520
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:23498
The host is missing a critical security update according to Microsoft bulletin, MS15-009. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle a crafted website or objects in memory. Successful exploitation could allow attac ...

oval:org.secpod.oval:def:24098
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to an ASLR bypass vulnerability. A flaw is present in the application, which does not use the Address Space Layout Randomization (ASLR) security feature. Successful exploitation could allow attackers to bypass the Address ...

oval:org.secpod.oval:def:24095
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:24088
The host is missing a critical security update according to Microsoft bulletin, MS15-032. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle a specially crafted webpage. Successful exploitation could allow attackers to gai ...

oval:org.secpod.oval:def:24089
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:24315
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ...

oval:org.secpod.oval:def:24316
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ...

oval:org.secpod.oval:def:24317
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which does not properly validate permissions under specific conditions. Successful exploitation could allow attackers to elevate privileges ...

oval:org.secpod.oval:def:24318
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ...

oval:org.secpod.oval:def:24314
The host is missing a critical security update according to Microsoft bulletin, MS15-043. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle a specially crafted webpage. Successful exploitation could allow attackers to gai ...

oval:org.secpod.oval:def:24325
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current u ...

oval:org.secpod.oval:def:24326
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a information disclosure vulnerability. A flaw is present in the application, which does not properly restrict access to the clipboard of a user who visits a website. Successful exploitation could allow attackers to colle ...

oval:org.secpod.oval:def:25374
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ...

oval:org.secpod.oval:def:25375
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ...

oval:org.secpod.oval:def:25376
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ...

oval:org.secpod.oval:def:25377
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ...

oval:org.secpod.oval:def:25378
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ...

oval:org.secpod.oval:def:25379
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ...

oval:org.secpod.oval:def:25380
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to an information disclosure vulnerability. A flaw is present in the application, which does not properly handle requests for module resources. Successful exploitation could allow attackers to detect the existence of spec ...

oval:org.secpod.oval:def:25381
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to an ASLR bypass vulnerability. A flaw is present in the application, which fails to handle the memory offsets of specific instructions in a given call stack. An attacker who successfully exploited this vulnerability cou ...

oval:org.secpod.oval:def:25382
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ...

oval:org.secpod.oval:def:25401
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to an elevation of privilege Vulnerability. A flaw is present in the application, which does not properly validate permissions under specific conditions. An attacker who successfully exploited the vulnerability could elevate ...

oval:org.secpod.oval:def:25403
The host is missing a critical security update according to Microsoft security bulletin, MS15-065. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which improperly accesses objects in memory. Successful exploitation could allow atta ...

oval:org.secpod.oval:def:26514
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curr ...

oval:org.secpod.oval:def:25826
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:26515
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curr ...

oval:org.secpod.oval:def:31733
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as th ...

oval:org.secpod.oval:def:20801
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:20786
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:20785
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:20793
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:20792
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:20777
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:20776
The host is missing a critical security update according to Microsoft bulletin, MS14-051. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to properly access objects in memory. Successful exploitation could allow attacker ...

oval:org.secpod.oval:def:20783
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:30020
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as th ...

oval:org.mitre.oval:def:1441
Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerab ...

oval:org.mitre.oval:def:1463
Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and 7 on Windows Vista allows remote attackers to execute arbitrary code via certain property methods that may trigger memory corruption, aka "Property Memory Corruption Vulnerability ...

oval:org.mitre.oval:def:1722
Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named ta ...

oval:org.mitre.oval:def:1885
Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; or 7 on Windows Vista allows remote attackers to overwri ...

oval:org.mitre.oval:def:1939
Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote attackers to execute arbitra ...

oval:org.mitre.oval:def:2048
Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Obje ...

oval:org.mitre.oval:def:1715
Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and inject ...

oval:org.secpod.oval:def:1205
The host is installed with Microsoft Internet Explorer 6/7/8 and is prone to remote code execution vulnerability. A flaw is present in VML implementation which fails to open a specially crafted web page. Successful exploitation allows remote attackers to gain the same user rights as the logged-on us ...

oval:gov.nist.USGCB.ie7:def:293
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, script code on pages in the zone can run automatically.

oval:gov.nist.USGCB.ie7:def:290
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the following options from the drop-down box.

oval:gov.nist.USGCB.ie7:def:916
This policy setting turns off the Security Settings Check feature, which checks Internet Explorer security settings to determine when the settings put Internet Explorer at risk.

oval:gov.nist.USGCB.ie7:def:953
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.

oval:gov.nist.USGCB.ie7:def:715
This policy setting allows checking for updates for Internet Explorer from the specified URL, included by default in Internet Explorer.

oval:gov.nist.USGCB.ie7:def:706
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.

oval:gov.nist.USGCB.ie7:def:949
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.

oval:gov.nist.USGCB.ie7:def:524
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically.

oval:gov.nist.USGCB.ie7:def:757
This setting specifies the number of days that Internet Explorer keeps track of the pages viewed in the History List. The delete Browsing History option can be accessed using Tools, Internet Options and General tab.

oval:gov.nist.USGCB.ie7:def:501
This policy setting allows the user to enable a phishing filter that will warn if the Web site being visited is known for fraudulent attempts to gather personal information through "phishing."

oval:gov.nist.USGCB.ie7:def:506
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region. If you enable this policy setting, a script can perform a clipboard operation.

oval:gov.nist.USGCB.ie7:def:326
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the following logon options.

oval:gov.nist.USGCB.ie7:def:329
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer.

oval:gov.nist.USGCB.ie7:def:320
In certain circumstances, Web sites can initiate file download prompts without interaction from users. This technique can allow Web sites to put unauthorized files on users' hard drives if they click the wrong button and accept the download.

oval:gov.nist.USGCB.ie7:def:314
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.

oval:gov.nist.USGCB.ie7:def:317
MIME sniffing is the process of examining the content of a MIME file to determine its context - whether it is a data file, an executable file, or some other type of file.

oval:gov.nist.USGCB.ie7:def:559
This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone. If you enable this policy setting, all network paths are mapped into the Intranet Zone.

oval:gov.nist.USGCB.ie7:def:302
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the following options from the drop-down box.

oval:gov.nist.USGCB.ie7:def:6110
The "Turn off downloading of enclosures" setting should be configured correctly.

oval:gov.nist.USGCB.ie7:def:300
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.

oval:gov.nist.USGCB.ie7:def:365
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached. If you enable this policy setting, binary and script behaviors are available.

oval:gov.nist.USGCB.ie7:def:110
This policy setting allows you to manage whether Internet Explorer will launch COM add-ons known as browser helper objects, such as toolbars.

oval:gov.nist.USGCB.ie7:def:589
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars. If you enable this policy setting, Windows Restrictions security will not apply in this zone.

oval:gov.nist.USGCB.ie7:def:580
These are browser-hosted, ClickOnce-deployed applications built using WinFX. These applications execute in a security sandbox and harness the power of the Windows Presentation Foundation platform for the Web.

oval:gov.nist.USGCB.ie7:def:583
This policy setting prevents users from using the Reset Internet Explorer Settings feature. Reset Internet Explorer Settings will allow the users to reset all settings changed since install, delete browsing history and disable add-ons that are not preapproved.

oval:gov.nist.USGCB.ie7:def:338
Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Features\Enable Native XMLHttp Support

oval:gov.nist.USGCB.ie7:def:571
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If you enable this policy setting, controls and plug-ins can run without user intervention.

oval:gov.nist.USGCB.ie7:def:395
This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it hasn't been modified or tampered with) on user computers before downloading executable programs.

oval:gov.nist.USGCB.ie7:def:391
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.

oval:gov.nist.USGCB.ie7:def:383
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.

oval:gov.nist.USGCB.ie7:def:378
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this policy setting, script is allowed to update the status bar.

oval:gov.nist.USGCB.ie7:def:24599
The "Download signed ActiveX controls" setting should be configured correctly for the Locked-Down Internet Zone.

oval:gov.nist.USGCB.ie7:def:172
This policy setting allows you to manage whether Internet Explorer will check revocation status of servers' certificates.

oval:gov.nist.USGCB.ie7:def:602
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you enable this policy setting, script interaction can occur automatically without user intervention.

oval:gov.nist.USGCB.ie7:def:824
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.

oval:gov.nist.USGCB.ie7:def:400
This policy setting allows you to manage whether users receive a dialog requesting permission for active content on a CD to run. If you enable this policy setting, active content on a CD will run without a prompt.

oval:gov.nist.USGCB.ie7:def:884
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server. This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example, ...

oval:gov.nist.USGCB.ie7:def:620
Internet Explorer places restrictions on each Web page it opens that are dependent upon the location of the Web page (such as Internet zone, Intranet zone, or Local Machine zone).

oval:gov.nist.USGCB.ie7:def:621
Computer Configuration\Network\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Turn Off First- Run Opt-In

oval:gov.nist.USGCB.ie7:def:617
The MK Protocol Security Restriction policy setting reduces attack surface area by blocking the seldom used MK protocol. Some older Web applications use the MK protocol to retrieve information from compressed files.

oval:gov.nist.USGCB.ie7:def:611
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.

oval:gov.nist.USGCB.ie7:def:612
This policy setting allows you to manage the opening of sub-frames and access of applications across different domains. If you enable this policy setting, users can open sub-frames from other domains and access applications from other domains.

oval:gov.nist.USGCB.ie7:def:680
Microsoft ActiveX controls and file downloads often have digital signatures attached that vouch for both the file's integrity and the identity of the signer (creator) of the software. Such signatures help ensure that unmodified.

oval:gov.nist.USGCB.ie7:def:674
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).

oval:gov.nist.USGCB.ie7:def:655
Internet Explorer treats as fatal any Secure Socket Layer/Transport Layer Security (SSL/TLS) certificate errors that interrupt navigation (such as "expired," "revoked," or "name mismatch" errors).

oval:gov.nist.USGCB.ie7:def:656
This policy setting allows you to manage whether Internet Explorer checks the Internet for newer versions.

oval:gov.nist.USGCB.ie7:def:418
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.

oval:gov.nist.USGCB.ie7:def:652
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).

oval:gov.nist.USGCB.ie7:def:247
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.

oval:gov.nist.USGCB.ie7:def:249
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region. If you enable this policy setting, a script can perform a clipboard operation.

oval:gov.nist.USGCB.ie7:def:240
These are eXtensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that leverage the Windows Presentation Foundation.

oval:gov.nist.USGCB.ie7:def:242
These are browser-hosted, ClickOnce-deployed applications built using WinFX. These applications execute in a security sandbox and harness the power of the Windows Presentation Foundation platform for the Web.

oval:gov.nist.USGCB.ie7:def:245
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.

oval:gov.nist.USGCB.ie7:def:487
The Turn off Crash Detection policy setting allows you to manage the crash detection feature of add-on management in Internet Explorer. If you enable this policy setting, a crash in Internet Explorer will be similar to one on a computer running Windows XP.

oval:gov.nist.USGCB.ie7:def:226
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this policy setting, script is allowed to update the status bar.

oval:gov.nist.USGCB.ie7:def:223
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically.

oval:gov.nist.USGCB.ie7:def:465
Internet Explorer allows scripts to programmatically open, resize, and reposition various types of windows. Often, disreputable Web sites will resize windows to either hide other windows or force you to interact with a window that contains malicious code.

oval:gov.nist.USGCB.ie7:def:458
This policy setting prevents users from performing the "Delete Browsing History" action in Internet Explorer. If you enable this policy setting, users cannot perform the "Delete Browsing History" action in Internet Options for Internet Explorer 7.

oval:gov.nist.USGCB.ie7:def:691
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the following logon options.

oval:gov.nist.USGCB.ie7:def:280
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy setting, scripts can access applets automatically without user intervention.

oval:gov.nist.USGCB.ie7:def:273
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts.

oval:gov.nist.USGCB.ie7:def:274
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.

oval:gov.nist.USGCB.ie7:def:275
These are eXtensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that leverage the Windows Presentation Foundation.

oval:gov.nist.USGCB.ie7:def:276
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer.

oval:gov.nist.USGCB.ie7:def:265
This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.

oval:gov.nist.USGCB.ie7:def:111999
The "Turn on Protected Mode" setting should be configured correctly for the Internet Zone.

oval:gov.nist.USGCB.ie7:def:118399
The "Allow status bar updates via script" setting should be configured correctly for the Locked-Down Trusted Sites Zone.

oval:gov.nist.USGCB.ie7:def:251
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically.

oval:gov.nist.USGCB.ie7:def:252
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.

oval:gov.nist.USGCB.ie7:def:498
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If you enable this policy setting, users can drag files or copy and paste files from this zone automatically.

oval:org.secpod.oval:def:5218
The host is installed with Internet Explorer 6 through 9, or 10 Consumer Preview and is prone to heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to handle vectors related to browser's protected mode. Successful exploitation could allow remote attackers to ...

oval:org.secpod.oval:def:1243
The host is installed with Microsoft Internet Explorer browser and is prone to a cookiejacking vulnerability. A flaw is present in the browser, which allows remote attacker to read cookie files via vectors involving an IFRAME element with a SRC attribute. Successful exploitation could allow a remote ...

oval:org.secpod.oval:def:1244
The host is installed with Microsoft Internet Explorer and is prone to a cookiejacking vulnerability. A flaw is present in the application, which allows remote attackers to read cookie files via vectors involving an IFRAME element. Successful exploitation could allow an attacker to disclose sensitiv ...

oval:org.secpod.oval:def:1223
The host is installed with Microsoft Internet Explorer and is prone to cookiejacking vulnerability. A flaw is present in the application, which fails to properly restrict cross-zone drag-and-drop actions. Successful exploitation allow user-assisted remote attackers to read cookie files.

oval:org.secpod.oval:def:1762
The host is missing a Critical security update according to Microsoft security bulletin MS11-057. The update is required to fix multilple vulnerabilities. The flaws are present in the browser, which fails to access an object that has not been properly initialized or has been deleted. Successful expl ...

oval:org.secpod.oval:def:14824
The host is installed with Internet Explorer 7, 8, 9 or 10 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly access an object in memory. Successful exploitation allows attackers to elevate the privileges of a process that is launched ...

oval:org.secpod.oval:def:14825
The host is missing a critical security update according to Microsoft bulletin, MS13-059. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly access an object in memory. Successful exploitation allows attackers to execute arbitrar ...

oval:org.secpod.oval:def:9711
The host is missing a critical security update according to Microsoft bulletin, MS13-012 and is prone to multiple use after free vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9715
The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to a CCaret use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9717
The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to a GetMarkupPtr use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9718
The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to a use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9720
The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9713
The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9712
The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to an onresize use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9714
The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to a CMarkupBehaviorContext use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9297
The host is missing a critical security update according to Microsoft security bulletin, MS13-009. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary ...

oval:org.secpod.oval:def:9296
The host is installed with Internet Explorer 6, 7, 8, 9 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9282
The host is missing a critical security update according to Microsoft security bulletin, MS13-010. The update is required to fix remote code execution vulnerability. A flaw is present in the microsoft implementation of Vector Markup Language, which fails to handle a specially crafted webpage. Succes ...

oval:org.secpod.oval:def:9283
The host is installed with Internet Explorer 6 or 7 or 8 or 9 or 10 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle a specially crafted webpage. Successful exploitation could allow an attacker to gain the same user rights as the current us ...

oval:org.secpod.oval:def:9287
The host is installed with Internet Explorer 7, 8, 9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:8322
The host is installed with Internet Explorer 6, Internet Explorer 7 or Internet Explorer 8 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to properly handle object in memory. Successful exploitation could allow attackers to execute arbitrary co ...

oval:org.secpod.oval:def:8321
The host is missing a critical security update according to Microsoft Security Bulletin, MS13-008. The update is required to fix remote code execution vulnerability. A flaw is present in the application, which fails to properly handle object in memory. Successful exploitation could allow attackers t ...

oval:org.secpod.oval:def:8197
The host is missing a critical security update according to Microsoft security bulletin MS12-077. The update is required to fix multiple use-after-free vulnerabilities. The flaws are present in the application, which fails to handle a deleted object. Successful exploitation could allow attackers to ...

oval:org.secpod.oval:def:6036
The host is installed with Internet Explorer 6 through 8 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle an object that has been deleted. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6035
The host is installed with Internet Explorer 6 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle an object that has been deleted. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6048
The host is installed with Internet Explorer 6 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle an object that has been deleted. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6047
The host is installed with Internet Explorer 6 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle an object that has been deleted. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6046
The host is installed with Internet Explorer 6 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6049
The host is installed with Internet Explorer 6 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6043
The host is installed with Internet Explorer 7 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly create and initialize string data. Successful exploitation could allow attackers to obtain sensitive information from process ...

oval:org.secpod.oval:def:6042
The host is installed with Internet Explorer 6 through 9 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle crafted character sequences with EUC-JP encoding. Successful exploitation could allow attackers to inject arbitrary web script or ...

oval:org.secpod.oval:def:6051
The host is installed with Internet Explorer 6 through 9 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to block cross-domain scrolling events. Successful exploitation could allow attackers to read content from a different domain or zone.

oval:org.secpod.oval:def:6052
The host is missing a critical security update according to Microsoft security bulletin, MS12-037. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails sanitize malicious input. Successful exploitation could allow attackers to execute arbitrar ...

oval:org.secpod.oval:def:1198
The host is missing a Critical security update according to Microsoft security bulletin MS11-050. The update is required to fix multilple vulnerabilities. The flaws are present in the browser, which fails to access an object that has not been properly initialized or has been deleted. Successful expl ...

oval:org.secpod.oval:def:1201
The host is installed with Microsoft Internet Explorer and is prone information disclosure vulnerability. A flaw is present in the browser, which fails to handle a crafted Web page. Successful exploitation could allow remote attackers to execute arbitrary code or gain sensitive information.

oval:org.secpod.oval:def:705
The host is installed with Microsoft Internet Explorer and is prone to information disclosure vulnerability. A flaw is present in the browser, which fails to handle malicious web pages. Successful exploitation could allow remote attackers to obtain sensitive information.

oval:org.secpod.oval:def:821
The host is missing a Critical security update according to Microsoft security bulletin, MS11-018. The update is required to fix multiple remote code execution vulnerabilities in Microsoft Internet Explorer. The flaws are present in the browser, which fails to implement appropriate memory protection ...

oval:org.secpod.oval:def:706
The host is installed with Microsoft Internet Explorer and is prone to layouts handling memory corruption vulnerability. A flaw is present in the browser, which fails to handle objects that have not been correctly initialized or has been deleted. Successful exploitation could allow remote attackers ...

oval:org.secpod.oval:def:79
The host is installed with Microsoft Internet Explorer is prone to uninitialized memory corruption vulnerability. A flaw is present in the application, which fails to properly handle an object that has not been correctly initialized or has been deleted. Successful exploitation could allow attackers ...

oval:org.secpod.oval:def:80
The host is installed with Microsoft Internet Explorer is prone to uninitialized memory corruption vulnerability. A flaw is present in the application, which fails to properly handle an object that has not been correctly initialized or has been deleted. Successful exploitation could allow attackers ...

oval:org.secpod.oval:def:1049
The host is missing a critical security update according to Microsoft security bulletin, MS11-003. The update is required to fix memory corruption vulnerability in Microsoft Internet Explorer. A flaw is present in the application, which fails to properly handle memory access. Successful exploitation ...

oval:org.secpod.oval:def:43
The host is installed with Microsoft Internet Explorer and is prone to remote code execution vulnerability. A flaw is present in the ReleaseInterface function in mshtml.dll file, which fails to handle objects that have not been correctly initialized or has been deleted. Successful exploitation could ...

oval:org.mitre.oval:def:12204
Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."

oval:org.secpod.oval:def:1561
The host is missing a critical security update according to Microsoft security bulletin, MS10-090. The update is required to fix multiple vulnerabilities. Multiple flaws are present in the Internet Explorer, which fails to handle objects in memory and script. Successful exploitation could allow an a ...

oval:org.mitre.oval:def:6928
Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Cross-Domain Information Disclosure Vulnerability."

oval:org.mitre.oval:def:7410
Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka "CSS Special Character Informat ...

oval:org.mitre.oval:def:7417
The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka "Anchor Element Information Disclosure Vulnerab ...

oval:org.mitre.oval:def:7482
mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka "Uninitialized Memory Corruption Vulnerability."

oval:org.mitre.oval:def:6832
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, ...

oval:org.mitre.oval:def:6889
Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not prevent script from simulating user interaction with the AutoComplete feature, which allows remote attackers to obtain sensitive form information via a crafted web site, aka "AutoComplete Information Disclosure Vulnerability."

oval:org.mitre.oval:def:7406
Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and a free of the root container, aka "Memory Corrupti ...

oval:org.secpod.oval:def:1216
The host is missing a Critical security update according to Microsoft security bulletin, MS10-053. The update is required to fix multiple vulnerabilities. Flaws are present in the Internet Explorer which fails to properly access an object that has not been correctly initialized or has been deleted.. ...

oval:org.mitre.oval:def:11954
Microsoft Internet Explorer 6, 7, and 8 does not properly determine the origin of script code, which allows remote attackers to execute script in an unintended domain or security zone, and obtain sensitive information, via unspecified vectors, aka "Event Handler Cross-Domain Vulnerability."

oval:org.secpod.oval:def:2669
The host is missing a critical security update according to Microsoft security bulletin, MS10-035. The update is required to fix multiple vulnerabilities. Flaws are present in the Internet Explorer, which fails to handle objects in memory, sanitize HTML scripts and improper data caching. Successful ...

oval:org.mitre.oval:def:7324
Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."

oval:org.secpod.oval:def:2032
The host is missing a critical security update according to Microsoft security bulletin, MS10-018. The update is required to fix multiple vulnerabilities. Flaws are present in the Internet Explorer, which fails to verify the origin of scripts and handle objects in memory and improper validation of l ...

oval:org.mitre.oval:def:7840
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability."

oval:org.mitre.oval:def:8302
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulner ...

oval:org.mitre.oval:def:8532
Microsoft Internet Explorer 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, leading to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."

oval:org.mitre.oval:def:8554
Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerabi ...

oval:org.mitre.oval:def:8553
Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another ...

oval:org.mitre.oval:def:7774
Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Race Condition Memory Corruption Vulnerability."

oval:org.mitre.oval:def:8446
Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, ak ...

oval:org.mitre.oval:def:7145
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a ...

oval:org.secpod.oval:def:2513
The host is missing an critical security update according to Microsoft security bulletin, MS09-072. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the Internet Explorer, which fails to handle objects in memory. Successful exploitation allows an att ...

oval:org.mitre.oval:def:6519
Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."

oval:org.mitre.oval:def:6570
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a diffe ...

oval:org.mitre.oval:def:6382
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a diffe ...

oval:org.mitre.oval:def:6381
Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory that (1) were not properly initialized or (2) are deleted, which allows remote attackers to execute arbitrary code via vectors involving a call to the getElementsByTagName method for the STYLE tag name, selection of the s ...

oval:org.secpod.oval:def:2514
The host is missing a critical security update according to Microsoft security bulletin, MS09-054. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Internet Explorer, which fails to handle a specially crafted Web page. Successful exploitation allows a ...

oval:org.mitre.oval:def:6190
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulner ...

oval:org.mitre.oval:def:5766
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulner ...

oval:org.mitre.oval:def:6419
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Component Handling Vulnerability."

oval:org.mitre.oval:def:6454
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream header that triggers memory corruption, aka "Data Stream Header Corruption Vulnerability."

oval:org.mitre.oval:def:5660
Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted obje ...

oval:org.secpod.oval:def:2375
The host is missing a critical security update according to Microsoft security bulletin, MS09-034. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Internet Explorer, which fails to handle a specially crafted Web page. Successful exploitation allows a ...

oval:org.mitre.oval:def:5524
Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle table operations, which allows ...

oval:org.mitre.oval:def:6072
Microsoft Internet Explorer 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory ...

oval:org.mitre.oval:def:6308
Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code via frequent calls to the getElementsByTagName function combined with the creation of an object during reorderi ...

oval:org.mitre.oval:def:6295
Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by calling the setCapture method on a collection of crafted o ...

oval:org.mitre.oval:def:6294
Use-after-free vulnerability in Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code by repeatedly adding HTML document nodes and calling event handlers, which trig ...

oval:org.mitre.oval:def:6278
Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not prevent HTML rendering of cached content, which allows remote attackers to bypass the Same Origin Policy via unspecified ve ...

oval:org.mitre.oval:def:6260
Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly synchronize AJAX requests, which allows allows remote attackers to execute arbitrary code via a large number of concurrent, asynchr ...

oval:org.mitre.oval:def:6081
Microsoft Internet Explorer 7, when XHTML strict mode is used, allows remote attackers to execute arbitrary code via the zoom style directive in conjunction with unspecified other directives in a malformed Cascading Style Sheets (CSS) stylesheet in a crafted HTML document, aka "CSS Memory Corruption ...

oval:org.secpod.oval:def:2360
The host is missing a critical security update according to Microsoft security bulletin, MS09-002. The update is required to fix remote code execution vulnerability in Microsoft Windows Internet Explorer. A flaw is present in the Windows Internet Explorer, which fails to handle Cascading Style Sheet ...

oval:org.mitre.oval:def:5903
Microsoft Internet Explorer 7 sometimes attempts to access a deleted object, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Uninitialized Memory Corruption Vulnerability."

oval:org.mitre.oval:def:5706
Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, related to a WebDAV request for a file with a long name, aka "HTML Objects Memory Corruption ...

oval:org.secpod.oval:def:3052
The host is missing a critical security update according to Microsoft security bulletin, MS08-073. The update is required to fix multiple remote code execution vulnerabilities. The flaws are present in Internet Explorer, which fails to handle a specially crafted Web page. Successful exploitation all ...

oval:org.mitre.oval:def:13299
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy and obtain sensitive information via a crafted HTML document, aka "Cross-Domain Information Disclosur ...

oval:org.mitre.oval:def:12364
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "HTML E ...

oval:org.mitre.oval:def:5291
The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP requ ...

oval:org.secpod.oval:def:2624
The host is missing a critical security update according to Microsoft bulletin, MS08-031. The update is required to fix multiple remote code execution vulnerabilities. The flaws are present in the application, which fails to handle a specially crafted web page. Successful exploitation could allow at ...

oval:org.mitre.oval:def:6041
Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of t ...

oval:org.secpod.oval:def:1455
The host is missing a critical security update according to Microsoft security bulletin, MS10-071. The update is required to fix multiple vulnerabilities. Multiple flaws are present in Microsoft Internet Explorer, which fails to handle unspecified special characters in CSS documents. Successful expl ...

oval:org.mitre.oval:def:7059
Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption Vulnerability."

oval:org.secpod.oval:def:2628
The host is missing a critical security update according to Microsoft bulletin, MS08-010. The update is required to fix multple remote code execution vulnerabilities. A flaw is present in the application, which fails to handle specially crafted Web page. Successful exploitation could allow attackers ...

oval:org.mitre.oval:def:5396
Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerabil ...

oval:org.secpod.oval:def:2653
The host is missing a critical security update according to Microsoft security bulletin, MS09-019. The update is required to fix Information Disclosure Vulnerability. A flaw is present in Internet Explorer, which fails to handle a specially crafted Web page. Successful exploitation could allow an at ...

oval:org.secpod.oval:def:2631
The host is missing a critical security update according to Microsoft bulletin, MS08-058. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a crafted web page. Successful exploitation could allow attackers to execute arbitrary cod ...

oval:org.secpod.oval:def:24879
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ...

oval:org.secpod.oval:def:24880
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ...

oval:org.secpod.oval:def:24883
The host is missing a critical security update according to Microsoft security bulletin, MS15-066. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which improperly accesses objects in memory. Successful exploitation could allow atta ...

oval:org.secpod.oval:def:24859
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ...

oval:org.secpod.oval:def:24860
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ...

oval:org.secpod.oval:def:24861
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ...

oval:org.secpod.oval:def:24862
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ...

oval:org.secpod.oval:def:24863
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ...

oval:org.secpod.oval:def:24864
The host is installed with Internet Explorer 6, 7, 8, or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.mitre.oval:def:8267
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerab ...

oval:org.secpod.oval:def:2031
The host is missing a critical security update according to Microsoft security bulletin, MS10-002. The update is required to fix multiple vulnerabilities. Flaws are present in the Internet Explorer which fails to handle objects in memory, input parameters and HTML attributes. Successful exploitation ...

oval:org.mitre.oval:def:8186
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulner ...

oval:org.mitre.oval:def:6835
Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a ...

oval:org.mitre.oval:def:8464
The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a cra ...

oval:org.mitre.oval:def:6069
Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) ...

oval:org.mitre.oval:def:8509
Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows ...

oval:org.mitre.oval:def:6108
Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows ...

oval:org.mitre.oval:def:6164
Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP docume ...

oval:org.secpod.oval:def:2370
The host is missing a critical security update according to Microsoft security bulletin, MS09-014. The update is required to fix remote code execution vulnerabilities. A flaw is present in the Windows Internet Explorer, which fails to handle specially crafted Web page. Successful exploitation could ...

oval:org.mitre.oval:def:5723
Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory tha ...

oval:org.mitre.oval:def:6233
Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vis ...

oval:org.mitre.oval:def:7569
Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vis ...

oval:org.secpod.oval:def:25888
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current u ...

oval:org.secpod.oval:def:25889
The host is missing a critical security update according to Microsoft security bulletin, MS15-093. The update is required to fix a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to exec ...

oval:org.secpod.oval:def:25836
The host is missing a critical security update according to Microsoft security bulletin, MS15-079. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute a ...

oval:org.secpod.oval:def:25823
The host is installed with Microsoft Excel 2007, 2010, 2013, Powerpoint 2007, 2010, 2013, Visio 2007, 2010, 2013, Word 2007, 2010, 2013, Internet Explorer 7, 8, 9, 10 or 11, Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8, 8.1 or 10 and is prone to an unsafe command line p ...

oval:org.secpod.oval:def:25824
The host is installed with Internet Explorer 7, 8, 9, 10, 11 or Microsoft Edge on Microsoft Windows 10 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle crafted data. Successful exploitation could allow attackers to execute arbitr ...

oval:org.secpod.oval:def:25825
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to an ASLR bypass vulnerability. A flaw is present in the application, which fails to properly use ASLR security feature. Successful exploitation could allow attackers to bypass the Address Space Layout Randomization.

oval:org.secpod.oval:def:26523
The host is installed with Microsoft Edge on Microsoft Windows 10 or Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. Successful exploitation could allow attackers to execute ...

oval:org.secpod.oval:def:26522
The host is missing a critical security update according to Microsoft security bulletin, MS15-094. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle a specially crafted webpage. Successful exploitation could allow attacke ...

oval:org.secpod.oval:def:26524
The host is installed with Microsoft Edge on Microsoft Windows 10 or Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. Successful exploitation could allow attackers to execute ...

oval:org.secpod.oval:def:26509
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curr ...

oval:org.secpod.oval:def:26508
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curr ...

oval:org.secpod.oval:def:26510
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curr ...

oval:org.secpod.oval:def:30021
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as th ...

oval:org.secpod.oval:def:30019
The host is missing a critical security update according to Microsoft bulletin, MS15-106. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities ...

oval:org.secpod.oval:def:30985
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as th ...

oval:org.secpod.oval:def:30986
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as th ...

oval:org.secpod.oval:def:30987
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as th ...

oval:org.secpod.oval:def:30982
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as th ...

oval:org.secpod.oval:def:30983
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as th ...

oval:org.secpod.oval:def:30984
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as th ...

oval:org.secpod.oval:def:31007
The host is missing a critical security update according to Microsoft security bulletin, MS15-112. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to exec ...

oval:org.secpod.oval:def:31751
The host is missing a critical security update according to Microsoft security bulletin, MS15-124. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle a specially crafted webpage. Successful exploitation could allow attacke ...

oval:org.secpod.oval:def:31716
The host is installed with Microsoft Edge, Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same u ...

oval:org.secpod.oval:def:31717
The host is installed with Microsoft Edge, Internet Explorer 7, 8, 9, 10 or 11 and is prone to an ASLR bypass vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. An attacker who successfully exploited it could bypass the Address Space Layout Randomi ...

oval:org.secpod.oval:def:24274
The host is installed with Microsoft IE 11, Edge, Mozilla Firefox before 44.0 or Google Chrome before 48.0.2564.82 and is prone to a bar mitzvah attack vulnerability. A flaw is present in the RC4 algorithm, which does not properly combine state data with key data during the initialization phase. Suc ...

CVE    126
CVE-2009-3671
CVE-2009-3673
CVE-2009-3674
CVE-2007-2216
...
CCE    154
CCE-3997-4
CCE-3853-9
CCE-18467-1
CCE-3590-7
...
*CPE
cpe:/a:microsoft:ie:7
XCCDF    1
xccdf_gov.nist_benchmark_USGCB-ie7

© SecPod Technologies