VYPR

Ie

by Microsoft

CVEs (200)

  • CVE-2000-0160Feb 21, 2000
    risk 0.01cvss epss 0.09

    The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft.

  • CVE-2000-0162Feb 18, 2000
    risk 0.01cvss epss 0.08

    The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability.

  • CVE-2009-2069Jun 15, 2009
    risk 0.00cvss epss 0.02

    Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site…

  • CVE-2009-2057Jun 15, 2009
    risk 0.00cvss epss 0.03

    Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT…

  • CVE-2006-5913Nov 15, 2006
    risk 0.00cvss epss 0.05

    Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/sslnavcancel.htm with the target site in the anchor identifier, which displays the site's URL in the address bar but…

  • CVE-2006-5805Nov 8, 2006
    risk 0.00cvss epss 0.06

    Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site's URL in the address bar but causes…

  • CVE-2005-3240Dec 31, 2005
    risk 0.00cvss epss 0.06

    Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag…

  • CVE-2005-4269Dec 15, 2005
    risk 0.00cvss epss 0.05

    mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office…

  • CVE-2005-1791May 28, 2005
    risk 0.00cvss epss 0.04

    Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the full domain name of the URI begins with numeric sequences similar to an IP address. NOTE: if there is not an exploit scenario in which an attacker…

  • CVE-2004-0979Dec 31, 2004
    risk 0.00cvss epss 0.04

    Internet Explorer on Windows XP does not properly modify the "Drag and Drop or copy and paste files" setting when the user sets it to "Disable" or "Prompt," which may enable security-sensitive operations that are inconsistent with the user's intended configuration.

  • CVE-2004-0719Jul 27, 2004
    risk 0.00cvss epss 0.05

    Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the…

  • CVE-2002-1824Dec 31, 2002
    risk 0.00cvss epss 0.03

    Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE:…

  • CVE-2001-1497Dec 31, 2001
    risk 0.00cvss epss 0.02

    Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a…

  • CVE-2001-1218Dec 20, 2001
    risk 0.00cvss epss 0.01

    Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.

  • CVE-2000-0519Jun 5, 2000
    risk 0.00cvss epss 0.05

    Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities.

  • CVE-2000-0518Jun 5, 2000
    risk 0.00cvss epss 0.05

    Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities.

  • CVE-1999-0876Jan 4, 2000
    risk 0.00cvss epss 0.06

    Buffer overflow in Internet Explorer 4.0 via EMBED tag.

  • CVE-2000-0036Dec 22, 1999
    risk 0.00cvss epss 0.04

    Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability.

  • CVE-1999-0839Nov 29, 1999
    risk 0.00cvss epss 0.02

    Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled.

  • CVE-1999-0827Nov 1, 1999
    risk 0.00cvss epss 0.05

    By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.

Page 10 of 10