Internet Explorer
by Microsoft
CVEs (1,725)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-1714 | | | 0.05 | — | 0.19 | | Dec 31, 2002 | Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type "text/html" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion. |
| CVE-2002-2031 | | | 0.05 | — | 0.21 | | Dec 31, 2002 | Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled allows remote attackers to determine the existence of arbitrary files via a script tag with a src parameter that references a non-JavaScript file, then using the onError event handler to monitor the results. |
| CVE-2002-0980 | | | 0.05 | — | 0.27 | | Sep 24, 2002 | The Web Folder component for Internet Explorer 5.5 and 6.0 writes an error message to a known location in the temporary folder, which allows remote attackers to execute arbitrary code by injecting it into the error message, then referring to the error message file via a mhtml:… |
| CVE-2002-0647 | | | 0.05 | — | 0.23 | | Sep 24, 2002 | Buffer overflow in a legacy ActiveX control used to display specially formatted text in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code, aka "Buffer Overrun in Legacy Text Formatting ActiveX Control". |
| CVE-2002-0461 | | | 0.05 | — | 0.23 | | Aug 12, 2002 | Internet Explorer 5.01 through 6 allows remote attackers to cause a denial of service (application crash) via Javascript in a web page that calls location.replace on itself, causing a loop. |
| CVE-2002-0191 | | | 0.05 | — | 0.30 | | May 29, 2002 | Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to view arbitrary files that contain the "{" character via script containing the cssText property of the stylesheet object, aka "Local Information Disclosure through HTML Object" vulnerability. |
| CVE-2001-0722 | | | 0.05 | — | 0.28 | | Dec 6, 2001 | Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript in an about: URL, aka the "First Cookie Handling Vulnerability." |
| CVE-2001-0875 | | | 0.05 | — | 0.28 | | Nov 26, 2001 | Internet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download. |
| CVE-2001-0322 | | | 0.05 | — | 0.21 | | Jun 2, 2001 | MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (application crash) via a script that creates and deletes an object that is associated with the browser window object. |
| CVE-2001-1325 | | | 0.05 | — | 0.27 | | Apr 20, 2001 | Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets (XSL) that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows… |
| CVE-2000-0465 | | | 0.05 | — | 0.21 | | May 17, 2000 | Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files via the frame, aka the "Frame Domain Verification" vulnerability. |
| CVE-2000-0105 | | | 0.05 | — | 0.21 | | Feb 1, 2000 | Outlook Express 5.01 and Internet Explorer 5.01 allow remote attackers to view a user's email messages via a script that accesses a variable that references subsequent email messages that are read by the client. |
| CVE-2000-0061 | | | 0.05 | — | 0.20 | | Jan 7, 2000 | Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document has been loaded, which could allow remote attackers to execute Javascript in a different security context while the document is loading. |
| CVE-2000-0028 | | | 0.05 | — | 0.23 | | Dec 23, 1999 | Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function. |
| CVE-1999-1577 | | | 0.05 | — | 0.19 | | Oct 31, 1999 | Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands via long arguments to the OpenHelp method. |
| CVE-1999-1578 | | | 0.05 | — | 0.19 | | Sep 24, 1999 | Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, InvokeRegWizard) 3.0.0.0 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands. |
| CVE-1999-0702 | | | 0.05 | — | 0.24 | | Sep 10, 1999 | Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability. |
| CVE-1999-0668 | | | 0.05 | — | 0.23 | | Aug 21, 1999 | The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy. |
| CVE-2014-1778 | | | 0.04 | — | 0.15 | | Jun 11, 2014 | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary web script with increased privileges via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-2777. |
| CVE-2014-1771 | | | 0.04 | — | 0.08 | | Jun 11, 2014 | SChannel in Microsoft Internet Explorer 6 through 11 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a… |
Page 35 of 87