Internet Explorer
by Microsoft
CVEs (1,725)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-3637 | 0.06 | — | 0.44 | Aug 8, 2006 | Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption… | |||
| CVE-2006-2383 | 0.06 | — | 0.40 | Jun 13, 2006 | Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet… | |||
| CVE-2006-2111 | 0.06 | — | 0.40 | May 1, 2006 | A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cross Domain Information… | |||
| CVE-2006-1992 | 0.06 | — | 0.40 | Apr 25, 2006 | mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via nested OBJECT tags, which trigger invalid pointer dereferences including NULL dereferences. NOTE: the possibility of code execution was originally… | |||
| CVE-2006-1191 | 0.06 | — | 0.32 | Apr 11, 2006 | Microsoft Internet Explorer 5.01 through 6 does not always correctly identify the domain that is associated with a browser window, which allows remote attackers to obtain sensitive cross-domain information and spoof sites by running script after the user has navigated to another… | |||
| CVE-2006-1192 | 0.06 | — | 0.31 | Apr 11, 2006 | Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address… | |||
| CVE-2004-1104 | 0.06 | — | 0.35 | Dec 31, 2004 | Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty "href" attribute,… | |||
| CVE-2004-2434 | 0.06 | — | 0.33 | Dec 31, 2004 | Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser crash) via a link with "::{" (colon colon left brace), which triggers a null dereference when the user attempts to save the link using "Save As" and Internet Explorer prepares an… | |||
| CVE-2004-1166 | 0.06 | — | 0.39 | Dec 31, 2004 | CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the… | |||
| CVE-2004-0727 | 0.06 | — | 0.40 | Jul 27, 2004 | Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the… | |||
| CVE-2003-1026 | 0.06 | — | 0.39 | Jan 20, 2004 | Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by… | |||
| CVE-2003-0838 | 0.06 | — | 0.35 | Nov 17, 2003 | Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but… | |||
| CVE-2003-0113 | 0.06 | — | 0.39 | May 12, 2003 | Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields. | |||
| CVE-2003-1328 | 0.06 | — | 0.39 | Feb 19, 2003 | The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp… | |||
| CVE-2002-0193 | 0.06 | — | 0.33 | May 29, 2002 | Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than… | |||
| CVE-2002-0023 | 0.06 | — | 0.38 | Mar 8, 2002 | Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks. | |||
| CVE-2001-0149 | 0.06 | — | 0.32 | Jun 2, 2001 | Windows Scripting Host in Internet Explorer 5.5 and earlier allows remote attackers to read arbitrary files via the GetObject Javascript function and the htmlfile ActiveX object. | |||
| CVE-1999-1575 | 0.06 | — | 0.36 | Sep 10, 1999 | The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation (imgedit.ocx), (3) Image Scan (imgscan.ocx), (4) Thumbnail Image (imgthumb.ocx), (5) Image Admin (imgadmin.ocx), (6) HHOpen (hhopen.ocx), (7) Registration Wizard (regwizc.dll), and (8) IE Active Setup… | |||
| CVE-1999-0891 | 0.06 | — | 0.43 | Sep 1, 1999 | The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect. | |||
| CVE-2015-6086 | 0.05 | — | 0.26 | Nov 11, 2015 | Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." |
- CVE-2006-3637Aug 8, 2006risk 0.06cvss —epss 0.44
Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption…
- CVE-2006-2383Jun 13, 2006risk 0.06cvss —epss 0.40
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet…
- CVE-2006-2111May 1, 2006risk 0.06cvss —epss 0.40
A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cross Domain Information…
- CVE-2006-1992Apr 25, 2006risk 0.06cvss —epss 0.40
mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via nested OBJECT tags, which trigger invalid pointer dereferences including NULL dereferences. NOTE: the possibility of code execution was originally…
- CVE-2006-1191Apr 11, 2006risk 0.06cvss —epss 0.32
Microsoft Internet Explorer 5.01 through 6 does not always correctly identify the domain that is associated with a browser window, which allows remote attackers to obtain sensitive cross-domain information and spoof sites by running script after the user has navigated to another…
- CVE-2006-1192Apr 11, 2006risk 0.06cvss —epss 0.31
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address…
- CVE-2004-1104Dec 31, 2004risk 0.06cvss —epss 0.35
Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty "href" attribute,…
- CVE-2004-2434Dec 31, 2004risk 0.06cvss —epss 0.33
Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser crash) via a link with "::{" (colon colon left brace), which triggers a null dereference when the user attempts to save the link using "Save As" and Internet Explorer prepares an…
- CVE-2004-1166Dec 31, 2004risk 0.06cvss —epss 0.39
CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the…
- CVE-2004-0727Jul 27, 2004risk 0.06cvss —epss 0.40
Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the…
- CVE-2003-1026Jan 20, 2004risk 0.06cvss —epss 0.39
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by…
- CVE-2003-0838Nov 17, 2003risk 0.06cvss —epss 0.35
Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but…
- CVE-2003-0113May 12, 2003risk 0.06cvss —epss 0.39
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields.
- CVE-2003-1328Feb 19, 2003risk 0.06cvss —epss 0.39
The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp…
- CVE-2002-0193May 29, 2002risk 0.06cvss —epss 0.33
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than…
- CVE-2002-0023Mar 8, 2002risk 0.06cvss —epss 0.38
Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.
- CVE-2001-0149Jun 2, 2001risk 0.06cvss —epss 0.32
Windows Scripting Host in Internet Explorer 5.5 and earlier allows remote attackers to read arbitrary files via the GetObject Javascript function and the htmlfile ActiveX object.
- CVE-1999-1575Sep 10, 1999risk 0.06cvss —epss 0.36
The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation (imgedit.ocx), (3) Image Scan (imgscan.ocx), (4) Thumbnail Image (imgthumb.ocx), (5) Image Admin (imgadmin.ocx), (6) HHOpen (hhopen.ocx), (7) Registration Wizard (regwizc.dll), and (8) IE Active Setup…
- CVE-1999-0891Sep 1, 1999risk 0.06cvss —epss 0.43
The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect.
- CVE-2015-6086Nov 11, 2015risk 0.05cvss —epss 0.26
Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
Page 28 of 87