Ie
by Microsoft
CVEs (200)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2000-0160 | 0.01 | — | 0.09 | Feb 21, 2000 | The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft. | |||
| CVE-2000-0162 | 0.01 | — | 0.08 | Feb 18, 2000 | The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability. | |||
| CVE-2009-2069 | 0.00 | — | 0.02 | Jun 15, 2009 | Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site… | |||
| CVE-2009-2057 | 0.00 | — | 0.03 | Jun 15, 2009 | Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT… | |||
| CVE-2006-5913 | 0.00 | — | 0.05 | Nov 15, 2006 | Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/sslnavcancel.htm with the target site in the anchor identifier, which displays the site's URL in the address bar but… | |||
| CVE-2006-5805 | 0.00 | — | 0.06 | Nov 8, 2006 | Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site's URL in the address bar but causes… | |||
| CVE-2005-3240 | 0.00 | — | 0.06 | Dec 31, 2005 | Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag… | |||
| CVE-2005-4269 | 0.00 | — | 0.05 | Dec 15, 2005 | mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office… | |||
| CVE-2005-1791 | 0.00 | — | 0.04 | May 28, 2005 | Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the full domain name of the URI begins with numeric sequences similar to an IP address. NOTE: if there is not an exploit scenario in which an attacker… | |||
| CVE-2004-0979 | 0.00 | — | 0.04 | Dec 31, 2004 | Internet Explorer on Windows XP does not properly modify the "Drag and Drop or copy and paste files" setting when the user sets it to "Disable" or "Prompt," which may enable security-sensitive operations that are inconsistent with the user's intended configuration. | |||
| CVE-2004-0719 | 0.00 | — | 0.05 | Jul 27, 2004 | Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the… | |||
| CVE-2002-1824 | 0.00 | — | 0.03 | Dec 31, 2002 | Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE:… | |||
| CVE-2001-1497 | 0.00 | — | 0.02 | Dec 31, 2001 | Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a… | |||
| CVE-2001-1218 | 0.00 | — | 0.01 | Dec 20, 2001 | Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window. | |||
| CVE-2000-0519 | 0.00 | — | 0.05 | Jun 5, 2000 | Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities. | |||
| CVE-2000-0518 | 0.00 | — | 0.05 | Jun 5, 2000 | Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities. | |||
| CVE-1999-0876 | 0.00 | — | 0.06 | Jan 4, 2000 | Buffer overflow in Internet Explorer 4.0 via EMBED tag. | |||
| CVE-2000-0036 | 0.00 | — | 0.04 | Dec 22, 1999 | Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability. | |||
| CVE-1999-0839 | 0.00 | — | 0.02 | Nov 29, 1999 | Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled. | |||
| CVE-1999-0827 | 0.00 | — | 0.05 | Nov 1, 1999 | By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing. |
- CVE-2000-0160Feb 21, 2000risk 0.01cvss —epss 0.09
The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft.
- CVE-2000-0162Feb 18, 2000risk 0.01cvss —epss 0.08
The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability.
- CVE-2009-2069Jun 15, 2009risk 0.00cvss —epss 0.02
Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site…
- CVE-2009-2057Jun 15, 2009risk 0.00cvss —epss 0.03
Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT…
- CVE-2006-5913Nov 15, 2006risk 0.00cvss —epss 0.05
Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/sslnavcancel.htm with the target site in the anchor identifier, which displays the site's URL in the address bar but…
- CVE-2006-5805Nov 8, 2006risk 0.00cvss —epss 0.06
Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site's URL in the address bar but causes…
- CVE-2005-3240Dec 31, 2005risk 0.00cvss —epss 0.06
Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag…
- CVE-2005-4269Dec 15, 2005risk 0.00cvss —epss 0.05
mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office…
- CVE-2005-1791May 28, 2005risk 0.00cvss —epss 0.04
Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the full domain name of the URI begins with numeric sequences similar to an IP address. NOTE: if there is not an exploit scenario in which an attacker…
- CVE-2004-0979Dec 31, 2004risk 0.00cvss —epss 0.04
Internet Explorer on Windows XP does not properly modify the "Drag and Drop or copy and paste files" setting when the user sets it to "Disable" or "Prompt," which may enable security-sensitive operations that are inconsistent with the user's intended configuration.
- CVE-2004-0719Jul 27, 2004risk 0.00cvss —epss 0.05
Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the…
- CVE-2002-1824Dec 31, 2002risk 0.00cvss —epss 0.03
Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE:…
- CVE-2001-1497Dec 31, 2001risk 0.00cvss —epss 0.02
Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a…
- CVE-2001-1218Dec 20, 2001risk 0.00cvss —epss 0.01
Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
- CVE-2000-0519Jun 5, 2000risk 0.00cvss —epss 0.05
Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities.
- CVE-2000-0518Jun 5, 2000risk 0.00cvss —epss 0.05
Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities.
- CVE-1999-0876Jan 4, 2000risk 0.00cvss —epss 0.06
Buffer overflow in Internet Explorer 4.0 via EMBED tag.
- CVE-2000-0036Dec 22, 1999risk 0.00cvss —epss 0.04
Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability.
- CVE-1999-0839Nov 29, 1999risk 0.00cvss —epss 0.02
Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled.
- CVE-1999-0827Nov 1, 1999risk 0.00cvss —epss 0.05
By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.
Page 10 of 10