VYPR

Ie

by Microsoft

CVEs (200)

  • CVE-2005-0056May 2, 2005
    risk 0.02cvss epss 0.28

    Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."

  • CVE-2004-0985Dec 31, 2004
    risk 0.02cvss epss 0.20

    Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a draggable file type such as .xml, .doc, .py, .cdf, .css, .pdf, or .ppt, and using ADODB.Connection and ADODB.recordset to write to a .hta file that…

  • CVE-2004-1331Nov 16, 2004
    risk 0.02cvss epss 0.19

    The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the "File Download - Security Warning" dialog and save arbitrary files with arbitrary extensions via the SaveAs command.

  • CVE-2004-0845Nov 3, 2004
    risk 0.02cvss epss 0.31

    Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.

  • CVE-2003-0823Feb 3, 2004
    risk 0.02cvss epss 0.26

    Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.

  • CVE-2003-0814Feb 3, 2004
    risk 0.02cvss epss 0.28

    Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross…

  • CVE-2003-1028Jan 20, 2004
    risk 0.02cvss epss 0.19

    The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as…

  • CVE-2003-0530Aug 27, 2003
    risk 0.02cvss epss 0.29

    Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute arbitrary code.

  • CVE-2003-0531Aug 27, 2003
    risk 0.02cvss epss 0.25

    Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the "Browser Cache Script Execution in My Computer Zone" vulnerability.

  • CVE-2003-0532Aug 27, 2003
    risk 0.02cvss epss 0.22

    Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an…

  • CVE-2003-0116May 12, 2003
    risk 0.02cvss epss 0.25

    Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web page containing script that creates a dialog and then accesses the target…

  • CVE-2003-0233May 12, 2003
    risk 0.02cvss epss 0.19

    Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the Load() method, a different vulnerability than CVE-2003-0115.

  • CVE-2002-1185Dec 11, 2002
    risk 0.02cvss epss 0.21

    Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka…

  • CVE-2002-1186Dec 11, 2002
    risk 0.02cvss epss 0.19

    Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka…

  • CVE-2010-5071Dec 7, 2011
    risk 0.01cvss epss 0.13

    The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by…

  • CVE-2002-2435Dec 7, 2011
    risk 0.01cvss epss 0.14

    The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue…

  • CVE-2010-2118Jun 1, 2010
    risk 0.01cvss epss 0.10

    Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs.

  • CVE-2010-1991May 20, 2010
    risk 0.01cvss epss 0.11

    Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML…

  • CVE-2009-2576Jul 22, 2009
    risk 0.01cvss epss 0.15

    Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and…

  • CVE-2009-0550Apr 15, 2009
    risk 0.01cvss epss 0.12

    Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and…

Page 7 of 10