Internet Explorer (IE) Microsoft Internet Explorer (IE) Popular web browser for windows

  1. Vendors
  2. Microsoft
  3. Internet Explorer (IE)

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Internet Explorer (IE).

Recent Microsoft Internet Explorer (IE) Security Advisories

Advisory Title Published
CVE-2025-21326 CVE-2025-21326 Internet Explorer Remote Code Execution Vulnerability January 14, 2025

EOL Dates

Ensure that you are using a supported version of Microsoft Internet Explorer (IE). Here are some end of life, and end of support dates for Microsoft Internet Explorer (IE).

Release EOL Date Status
11-embedded October 14, 2031
Active

Microsoft Internet Explorer (IE) 11-embedded will become EOL in 5 years (in 2031).
11-server October 14, 2031
Active

Microsoft Internet Explorer (IE) 11-server will become EOL in 5 years (in 2031).
11-ltsc October 14, 2031
Active

Microsoft Internet Explorer (IE) 11-ltsc will become EOL in 5 years (in 2031).
11-ltsb October 14, 2031
Active

Microsoft Internet Explorer (IE) 11-ltsb will become EOL in 5 years (in 2031).
11 June 14, 2022
EOL

Microsoft Internet Explorer (IE) 11 became EOL in 2022.
10 January 31, 2020
EOL

Microsoft Internet Explorer (IE) 10 became EOL in 2020.
9 January 12, 2016
EOL

Microsoft Internet Explorer (IE) 9 became EOL in 2016.
8 January 12, 2016
EOL

Microsoft Internet Explorer (IE) 8 became EOL in 2016.
7 October 10, 2023
EOL

Microsoft Internet Explorer (IE) 7 became EOL in 2023.

By the Year

In 2026 there have been 0 vulnerabilities in Microsoft Internet Explorer (IE). Last year, in 2025 Internet Explorer (IE) had 2 security vulnerabilities published. Right now, Internet Explorer (IE) is on track to have less security vulnerabilities in 2026 than it did last year.




Year Vulnerabilities Average Score
2026 0 0.00
2025 2 7.65
2024 2 7.50
2023 1 6.50
2022 0 0.00
2021 2 8.80
2020 22 7.29
2019 28 6.98
2018 46 6.70

It may take a day or so for new Internet Explorer (IE) vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Internet Explorer (IE) Security Vulnerabilities

Transient DOS via Incorrect Cipher Key in OTA Registration (IE)
CVE-2024-49847 7.5 - High - May 06, 2025

Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE.

Out-of-bounds Read

Jan 2025: Internet Explorer Remote Code Execution Vulnerability
CVE-2025-21326 7.8 - High - January 14, 2025

Internet Explorer Remote Code Execution Vulnerability

Object Type Confusion

Internet Explorer Transient DOS via TID-to-Link Mapping IE Elements
CVE-2024-33020 7.5 - High - August 05, 2024

Transient DOS while processing TID-to-link mapping IE elements.

Transient DoS via IE file parser (len=1)
CVE-2023-43536 7.5 - High - February 06, 2024

Transient DOS while parse fils IE with length equal to 1.

Windows MSHTML Security Feature Bypass (CVE-2023-29324)
CVE-2023-29324 6.5 - Medium - May 09, 2023

Windows MSHTML Platform Security Feature Bypass Vulnerability

Mar 2021: Internet Explorer Remote Code Execution Vulnerability
CVE-2021-27085 8.8 - High - March 11, 2021

Internet Explorer Remote Code Execution Vulnerability

Mar 2021: Internet Explorer Memory Corruption Vulnerability
CVE-2021-26411 8.8 - High - March 11, 2021

Internet Explorer Memory Corruption Vulnerability

Dangling pointer

Nov 2020: Scripting Engine Memory Corruption Vulnerability
CVE-2020-17052 7.5 - High - November 11, 2020

Scripting Engine Memory Corruption Vulnerability

Nov 2020: Internet Explorer Memory Corruption Vulnerability
CVE-2020-17053 7.5 - High - November 11, 2020

Internet Explorer Memory Corruption Vulnerability

Nov 2020: Microsoft Browser Memory Corruption Vulnerability
CVE-2020-17058 7.5 - High - November 11, 2020

Microsoft Browser Memory Corruption Vulnerability

Sep 2020: Microsoft Browser Memory Corruption Vulnerability
CVE-2020-0878 4.2 - Medium - September 11, 2020

<p>A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment.</p> <p>The security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory.</p>

Memory Corruption

Sep 2020: WinINet API Elevation of Privilege Vulnerability
CVE-2020-1012 8.8 - High - September 11, 2020

<p>An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.</p> <p>There are multiple ways an attacker could exploit the vulnerability:</p> <ul> <li><p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email.</p> </li> <li><p>In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file.</p> </li> </ul> <p>The security update addresses the vulnerability by ensuring the Wininit.dll properly handles objects in memory.</p>

Aug 2020: Scripting Engine Memory Corruption Vulnerability
CVE-2020-1380 7.8 - High - August 17, 2020

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked &quot;safe for initialization&quot; in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

Memory Corruption

Jun 2020:
CVE-2020-1260 - June 09, 2020

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1215, CVE-2020-1216, CVE-2020-1230.

Jun 2020:
CVE-2020-1213 - June 09, 2020

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1214, CVE-2020-1215, CVE-2020-1216, CVE-2020-1230, CVE-2020-1260.

Jun 2020:
CVE-2020-1214 - June 09, 2020

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1215, CVE-2020-1216, CVE-2020-1230, CVE-2020-1260.

Jun 2020:
CVE-2020-1215 - June 09, 2020

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1216, CVE-2020-1230, CVE-2020-1260.

Jun 2020:
CVE-2020-1216 - June 09, 2020

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1215, CVE-2020-1230, CVE-2020-1260.

Jun 2020:
CVE-2020-1219 - June 09, 2020

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.

Jun 2020:
CVE-2020-1230 - June 09, 2020

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1215, CVE-2020-1216, CVE-2020-1260.

May 2020:
CVE-2020-1058 - May 21, 2020

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1035, CVE-2020-1060, CVE-2020-1093.

May 2020:
CVE-2020-1092 - May 21, 2020

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1062.

May 2020:
CVE-2020-1093 - May 21, 2020

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1035, CVE-2020-1058, CVE-2020-1060.

May 2020:
CVE-2020-1035 - May 21, 2020

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1058, CVE-2020-1060, CVE-2020-1093.

May 2020:
CVE-2020-1064 - May 21, 2020

A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input.An attacker could execute arbitrary code in the context of the current user, aka 'MSHTML Engine Remote Code Execution Vulnerability'.

May 2020:
CVE-2020-1062 - May 21, 2020

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1092.

May 2020:
CVE-2020-1060 - May 21, 2020

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1035, CVE-2020-1058, CVE-2020-1093.

Apr 2020:
CVE-2020-0968 7.5 - High - April 15, 2020

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0970.

Memory Corruption

Feb 2020:
CVE-2020-0674 7.5 - High - February 11, 2020

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.

Dangling pointer

Nov 2019:
CVE-2019-1429 7.5 - High - November 12, 2019

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428.

Dangling pointer

Nov 2019:
CVE-2019-1390 - November 12, 2019

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'.

Oct 2019:
CVE-2019-1371 - October 10, 2019

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.

Oct 2019:
CVE-2019-1357 - October 10, 2019

A spoofing vulnerability exists when Microsoft Browsers improperly handle browser cookies, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0608.

Oct 2019:
CVE-2019-1239 - October 10, 2019

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1238.

Oct 2019:
CVE-2019-1238 - October 10, 2019

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1239.

Sep 2019:
CVE-2019-1367 7.5 - High - September 23, 2019

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1221.

Memory Corruption

Sep 2019:
CVE-2019-1221 - September 11, 2019

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'.

Sep 2019:
CVE-2019-1236 - September 11, 2019

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1208.

Sep 2019:
CVE-2019-1220 - September 11, 2019

A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs, aka 'Microsoft Browser Security Feature Bypass Vulnerability'.

Sep 2019:
CVE-2019-1208 - September 11, 2019

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1236.

Aug 2019: Scripting Engine Memory Corruption Vulnerability
CVE-2019-1133 7.5 - High - August 14, 2019

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked &quot;safe for initialization&quot; in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

Aug 2019: Microsoft Browsers Security Feature Bypass Vulnerability
CVE-2019-1192 4.3 - Medium - August 14, 2019

A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins. The vulnerability allows Microsoft browsers to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers and then convince a user to view the website. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how affected Microsoft browsers handle different-origin requests.

Aug 2019: Scripting Engine Memory Corruption Vulnerability
CVE-2019-1194 7.5 - High - August 14, 2019

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked &quot;safe for initialization&quot; in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

Code Injection

Aug 2019: Microsoft Browser Memory Corruption Vulnerability
CVE-2019-1193 6.4 - Medium - August 14, 2019

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment. The security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory.

Memory Corruption

Jul 2019:
CVE-2019-1104 - July 15, 2019

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.

Jul 2019:
CVE-2019-1059 - July 15, 2019

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1001, CVE-2019-1004, CVE-2019-1056.

Jul 2019:
CVE-2019-1001 - July 15, 2019

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1004, CVE-2019-1056, CVE-2019-1059.

Jul 2019:
CVE-2019-1004 - July 15, 2019

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1001, CVE-2019-1056, CVE-2019-1059.

Jul 2019:
CVE-2019-1056 - July 15, 2019

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1001, CVE-2019-1004, CVE-2019-1059.

Jun 2019: Scripting Engine Memory Corruption Vulnerability
CVE-2019-1005 7.5 - High - June 12, 2019

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through a Microsoft browser and then convince a user to view the website. An attacker could also embed an ActiveX control marked &quot;safe for initialization&quot; in an application or Microsoft Office document that hosts the browser rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Internet Explorer (IE) or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

Microsoft Internet Explorer (IE)
Popular web browser for windows

subscribe