Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0722 | 1 Microsoft | 1 Internet Explorer | 2021-07-23 | 6.4 MEDIUM | N/A |
| Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript in an about: URL, aka the "First Cookie Handling Vulnerability." | |||||
| CVE-2001-0875 | 1 Microsoft | 1 Internet Explorer | 2021-07-23 | 7.5 HIGH | N/A |
| Internet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download. | |||||
| CVE-2001-0904 | 1 Microsoft | 1 Internet Explorer | 2021-07-23 | 5.0 MEDIUM | N/A |
| Internet Explorer 5.5 and 6 with the Q312461 (MS01-055) patch modifies the HTTP_USER_AGENT (UserAgent) information that indicates that the patch has been installed, which could allow remote malicious web sites to more easily identify and exploit vulnerable clients. | |||||
| CVE-2001-0723 | 1 Microsoft | 1 Internet Explorer | 2021-07-23 | 6.4 MEDIUM | N/A |
| Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript, aka the "Second Cookie Handling Vulnerability." | |||||
| CVE-2001-1450 | 1 Microsoft | 1 Internet Explorer | 2021-07-23 | 2.6 LOW | N/A |
| Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause a denial of service (browser crash) via a crafted FTP URL such as "/.#./". | |||||
| CVE-2004-2011 | 1 Microsoft | 1 Internet Explorer | 2021-07-23 | 2.6 LOW | N/A |
| msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to cause a denial of service (crash) via a single & (ampersand) in a <Ref href> link, which triggers a parsing error, possibly due to missing portions of the URI. | |||||
| CVE-2004-2307 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2021-07-23 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote attackers to cause a denial of service (browser crash) via a shell: URI with double backslashes (\\) in an HTML tag such as IFRAME or A. | |||||
| CVE-2010-0805 | 1 Microsoft | 3 Internet Explorer, Windows 2000, Windows Xp | 2021-07-23 | 9.3 HIGH | N/A |
| The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka "Memory Corruption Vulnerability." | |||||
| CVE-2010-0491 | 1 Microsoft | 5 Internet Explorer, Windows 2000, Windows 2003 Server and 2 more | 2021-07-23 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 allows remote attackers to execute arbitrary code by changing unspecified properties of an HTML object that has an onreadystatechange event handler, aka "HTML Object Memory Corruption Vulnerability." | |||||
| CVE-2008-1086 | 1 Microsoft | 6 Internet Explorer, Windows-nt, Windows 2000 and 3 more | 2021-07-23 | 9.3 HIGH | N/A |
| The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption. | |||||
| CVE-2007-0944 | 1 Microsoft | 5 Ie, Internet Explorer, Windows 2000 and 2 more | 2021-07-23 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the "Uninitialized Memory Corruption Vulnerability." | |||||
| CVE-2006-4687 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 5.1 MEDIUM | N/A |
| Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." | |||||
| CVE-2006-5884 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777. | |||||
| CVE-2006-3637 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 5.1 MEDIUM | N/A |
| Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." | |||||
| CVE-2006-2382 | 1 Microsoft | 1 Internet Explorer | 2021-07-23 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka "HTML Decoding Memory Corruption Vulnerability." | |||||
| CVE-2006-2383 | 1 Microsoft | 1 Internet Explorer | 2021-07-23 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution. | |||||
| CVE-2006-2384 | 1 Microsoft | 1 Internet Explorer | 2021-07-23 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after the browser has been navigated to a malicious site, aka the "Address Bar Spoofing Vulnerability." | |||||
| CVE-2006-2385 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 7.6 HIGH | N/A |
| Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file. | |||||
| CVE-2006-1186 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 10.0 HIGH | N/A |
| Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption. | |||||
| CVE-2006-0585 | 1 Microsoft | 1 Internet Explorer | 2021-07-23 | 5.0 MEDIUM | N/A |
| jscript.dll in Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (application crash) via a Shockwave Flash object that contains ActionScript code that calls VBScript, which in turn calls the Javascript document.write function, which triggers a null dereference. | |||||
| CVE-2006-0057 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 7.5 HIGH | N/A |
| Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054. | |||||
| CVE-2004-0566 | 1 Microsoft | 1 Internet Explorer | 2021-07-23 | 7.5 HIGH | N/A |
| Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value. | |||||
| CVE-2002-0691 | 1 Microsoft | 1 Internet Explorer | 2021-07-23 | 7.5 HIGH | N/A |
| Microsoft Internet Explorer 5.01 and 5.5 allows remote attackers to execute scripts in the Local Computer zone via a URL that references a local HTML resource file, a variant of "Cross-Site Scripting in Local HTML Resource" as identified by CAN-2002-0189. | |||||
| CVE-2002-0136 | 1 Microsoft | 1 Internet Explorer | 2021-07-23 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 5.5 on Windows 98 allows remote web pages to cause a denial of service (hang) via extremely long values for form fields such as INPUT and TEXTAREA, which can be automatically filled via Javascript. | |||||
| CVE-2000-0503 | 1 Microsoft | 1 Internet Explorer | 2021-07-23 | 2.6 LOW | N/A |
| The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows a remote attacker to violate the cross frame security policy via the NavigateComplete2 event. | |||||
| CVE-2000-0465 | 1 Microsoft | 1 Internet Explorer | 2021-07-23 | 5.1 MEDIUM | N/A |
| Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files via the frame, aka the "Frame Domain Verification" vulnerability. | |||||
| CVE-2000-0061 | 1 Microsoft | 1 Internet Explorer | 2021-07-23 | 10.0 HIGH | N/A |
| Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document has been loaded, which could allow remote attackers to execute Javascript in a different security context while the document is loading. | |||||
| CVE-2000-0028 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 2.6 LOW | N/A |
| Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function. | |||||
| CVE-2007-0943 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) strings that trigger memory corruption during parsing, related to use of out-of-bounds pointers. | |||||
| CVE-2006-7029 | 1 Microsoft | 1 Internet Explorer | 2021-07-23 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a frameset with only one frame that calls resizeTo with certain arguments. NOTE: this issue might be related to CVE-2006-3637. | |||||
| CVE-2006-3639 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 7.5 HIGH | N/A |
| Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka "Source Element Cross-Domain Vulnerability." | |||||
| CVE-2006-3640 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability." | |||||
| CVE-2006-3643 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 6.0 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability." | |||||
| CVE-2005-1988 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 5.1 MEDIUM | N/A |
| Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability". | |||||
| CVE-2005-1989 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 7.5 HIGH | N/A |
| Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka "Web Folder Behaviors Cross-Domain Vulnerability". | |||||
| CVE-2005-1990 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 5.1 MEDIUM | N/A |
| Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2087. | |||||
| CVE-2005-0054 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 5.1 MEDIUM | N/A |
| Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability." | |||||
| CVE-2005-0056 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 5.1 MEDIUM | N/A |
| Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability." | |||||
| CVE-2004-0216 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 10.0 HIGH | N/A |
| Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow. | |||||
| CVE-2004-0843 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 5.0 MEDIUM | N/A |
| Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability." | |||||
| CVE-2004-0845 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 6.4 MEDIUM | N/A |
| Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site. | |||||
| CVE-2003-1559 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-23 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | |||||
| CVE-2001-0919 | 1 Microsoft | 1 Internet Explorer | 2021-07-23 | 5.1 MEDIUM | N/A |
| Internet Explorer 5.50.4134.0100 on Windows ME with "Prompt to allow cookies to be stored on your machine" enabled does not warn a user when a cookie is set using Javascript. | |||||
| CVE-2001-0724 | 1 Microsoft | 1 Internet Explorer | 2021-07-23 | 7.5 HIGH | N/A |
| Internet Explorer 5.5 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing Vulnerability variant" of CVE-2001-0664. | |||||
| CVE-2001-0664 | 1 Microsoft | 1 Internet Explorer | 2021-07-23 | 7.5 HIGH | N/A |
| Internet Explorer 5.5 and 5.01 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing vulnerability." | |||||
| CVE-2001-0712 | 1 Microsoft | 1 Internet Explorer | 2021-07-23 | 7.5 HIGH | N/A |
| The rendering engine in Internet Explorer determines the MIME type independently of the type that is specified by the server, which allows remote servers to automatically execute script which is placed in a file whose MIME type does not normally support scripting, such as text (.txt), JPEG (.jpg), etc. | |||||
| CVE-2001-0643 | 1 Microsoft | 1 Internet Explorer | 2021-07-23 | 5.0 MEDIUM | N/A |
| Internet Explorer 5.5 does not display the Class ID (CLSID) when it is at the end of the file name, which could allow attackers to trick the user into executing dangerous programs by making it appear that the document is of a safe file type. | |||||
| CVE-2001-0002 | 1 Microsoft | 2 Internet Explorer, Windows Script Host | 2021-07-23 | 7.5 HIGH | N/A |
| Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs. | |||||
| CVE-2001-0246 | 1 Microsoft | 1 Internet Explorer | 2021-07-23 | 5.0 MEDIUM | N/A |
| Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain, aka a variant of the "Frame Domain Verification" vulnerability. | |||||
| CVE-2001-0332 | 1 Microsoft | 1 Internet Explorer | 2021-07-23 | 5.0 MEDIUM | N/A |
| Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain using MSScriptControl.ScriptControl and GetObject, aka a variant of the "Frame Domain Verification" vulnerability. | |||||