VYPR

Ie

by Microsoft

CVEs (200)

  • CVE-2004-2219 (Dec 31, 2004)
    risk 0.01 | cvss | epss 0.08

    Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake.

  • CVE-2004-0867 (Dec 23, 2004)
    risk 0.01 | cvss | epss 0.17

    Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is…

  • CVE-2004-0284 (Nov 23, 2004)
    risk 0.01 | cvss | epss 0.17

    Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.

  • CVE-2004-0869 (Sep 16, 2004)
    risk 0.01 | cvss | epss 0.15

    Internet Explorer does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security…

  • CVE-2004-0866 (Sep 16, 2004)
    risk 0.01 | cvss | epss 0.10

    Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.

  • CVE-2004-1686 (Sep 15, 2004)
    risk 0.01 | cvss | epss 0.10

    Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the…

  • CVE-2004-0475 (Jul 7, 2004)
    risk 0.01 | cvss | epss 0.10

    The showHelp function in Internet Explorer 6 on Windows XP Pro allows remote attackers to execute arbitrary local .CHM files via a double backward slash ("\\") before the target CHM file, as demonstrated using an "ms-its" URL to ntshared.chm. NOTE: this bug may overlap…

  • CVE-2003-0513 (Apr 15, 2004)
    risk 0.01 | cvss | epss 0.10

    Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g.…

  • CVE-2003-0815 (Feb 3, 2004)
    risk 0.01 | cvss | epss 0.19

    Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the…

  • CVE-2003-0817 (Feb 3, 2004)
    risk 0.01 | cvss | epss 0.18

    Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.

  • CVE-2003-1559 (Dec 31, 2003)
    risk 0.01 | cvss | epss 0.16

    Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.

  • CVE-2003-1105 (Dec 31, 2003)
    risk 0.01 | cvss | epss 0.18

    Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered.

  • CVE-2003-1484 (Dec 31, 2003)
    risk 0.01 | cvss | epss 0.11

    Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) by creating a DHTML link that uses the AnchorClick "A" object with a blank href attribute.

  • CVE-2003-0115 (May 12, 2003)
    risk 0.01 | cvss | epss 0.12

    Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, which could allow remote attackers to execute arbitrary web script, aka the "Third Party Plugin Rendering" vulnerability, a different vulnerability than…

  • CVE-2003-0114 (May 12, 2003)
    risk 0.01 | cvss | epss 0.15

    The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files.

  • CVE-2003-1326 (Feb 19, 2003)
    risk 0.01 | cvss | epss 0.16

    Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."

  • CVE-2002-2125 (Dec 31, 2002)
    risk 0.01 | cvss | epss 0.08

    Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user's local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle (MITM)…

  • CVE-2002-0152 (Apr 22, 2002)
    risk 0.01 | cvss | epss 0.17

    Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0…

  • CVE-2001-0665 (Oct 30, 2001)
    risk 0.01 | cvss | epss 0.12

    Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the "HTTP Request Encoding…

  • CVE-2000-0768 (Oct 20, 2000)
    risk 0.01 | cvss | epss 0.10

    A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability.
