Internet Explorer Vulnerabilities in 2006
| KEY: | | Browser vulnerability publicly disclosed | | Browser vulnerability actively exploited |
| December 2005 | Dec. 27: MS06-001 (CVE-2005-4560) - 0day in Windows Metafile Format (WMF). Patch issued Jan. 5. | | | |
| January 2006 | Jan. 7: MS06-004 (CVE-2006-0020) - Proof of concept for Windows Metafile Format flaw. Patch issued Feb. 14. | | |
| February 2006 | | | |
| March 2006 | | | Mar. 16: MS06-013 (CVE-2006-1245) - Proof of concept exploit for IE Microsoft Internet Explorer 6.0.2900.2180 (mshtml.dll). Patch issued Apr. 11. | |
| | Mar. 22: MS06-013 (CVE-2006-1359) - Proof of concept exploit for Microsoft Internet Explorer 6 and 7 Beta 2. Patch issued Apr. 11. |
| April 2006 | | |
| May 2006 | May 31: MS06-043 (CVE-2006-2766) - Proof of concept exploit for MHTML Parsing Vulnerability in IE. Patch issued Aug. 8. | | | |
| June 2006 | | | |
| July 2006 | July 18: MS06-043 (CVE-2006-2766) - Proof of concept code for Microsoft Internet Explorer 6 on Windows XP SP2 (setslice). | | |
| August 2006 | Aug. 27: MS06-067 (CVE-2006-4446) - Proof of Concept exploit for Microsoft Internet Explorer 6.0 SP1 (DIRECT ANIMATION). Patch issued Nov. 14. | |
| September 2006 | | Sept. 13: MS06-067 (CVE-2006-4777) - 0day flaw in Internet Explorer 6.0 SP1 (daxctle.ocx). Patch issued Nov. 14. |
| Sept. 18: MS06-057 (CVE-2006-3730) - IE 0day Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0. Patch issued Sept. 26. |
| Sept. 26: Exploited in the wild. Patch issued Oct. 10. |
| October 2006 | |
| Oct. 24: CVE-2006-5559 - ADODB.Connection 2.7 and 2.8 ActiveX control objects in Internet Explorer 6.0 Unpatched. | |
| November 2006 | Nov. 3: MS06-071 (CVE-2006-5745) - 0day: IE-related (not installed by default on Windows). Patched Dec. 14. |
| December 2006 | | |
Compiled by Brian Krebs, washingtonpost.com - January 4, 2007
© 2006 The Washington Post Company
