VYPR

Internet Explorer

by Microsoft

CVEs (1,725)

  • CVE-2002-0723Sep 24, 2002
    risk 0.04cvss epss 0.15

    Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the domain of a frame within a browser window, which allows remote attackers to read client files or invoke executable objects via the Object tag, aka "Cross Domain Verification in Object Tag."

  • CVE-2002-1444Aug 15, 2002
    risk 0.04cvss epss 0.14

    The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and 6.0, allows remote attackers to cause a denial of service (crash with an exception in oleaut32.dll) via malicious HTML, possibly related to small width and height parameters or an incorrect call to the…

  • CVE-2002-0189May 29, 2002
    risk 0.04cvss epss 0.14

    Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local HTML Resource" vulnerability.

  • CVE-2002-0153Apr 22, 2002
    risk 0.04cvss epss 0.18

    Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the "Local Applescript Invocation" vulnerability.

  • CVE-2001-1489Dec 31, 2001
    risk 0.04cvss epss 0.18

    Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.

  • CVE-2001-0664Oct 30, 2001
    risk 0.04cvss epss 0.18

    Internet Explorer 5.5 and 5.01 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone…

  • CVE-2001-0643Sep 20, 2001
    risk 0.04cvss epss 0.10

    Internet Explorer 5.5 does not display the Class ID (CLSID) when it is at the end of the file name, which could allow attackers to trick the user into executing dangerous programs by making it appear that the document is of a safe file type.

  • CVE-2001-0150Jun 2, 2001
    risk 0.04cvss epss 0.18

    Internet Explorer 5.5 and earlier executes Telnet sessions using command line arguments that are specified by the web site, which could allow remote attackers to execute arbitrary commands if the IE client is using the Telnet client provided in Services for Unix (SFU) 2.0, which…

  • CVE-2001-0089Feb 16, 2001
    risk 0.04cvss epss 0.14

    Internet Explorer 5.0 through 5.5 allows remote attackers to read arbitrary files from the client via the INPUT TYPE element in an HTML form, aka the "File Upload via Form" vulnerability.

  • CVE-2000-0400May 13, 2000
    risk 0.04cvss epss 0.07

    The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does not restrict which file types can be downloaded, which allows an attacker to download any type of file to a user's system by encoding it within an email message or news post.

  • CVE-2000-0156Feb 16, 2000
    risk 0.04cvss epss 0.13

    Internet Explorer 4.x and 5.x allows remote web servers to access files on the client that are outside of its security domain, aka the "Image Source Redirect" vulnerability.

  • CVE-1999-0981Dec 8, 1999
    risk 0.04cvss epss 0.13

    Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect."

  • CVE-1999-0793Nov 17, 1999
    risk 0.04cvss epss 0.13

    Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet.

  • CVE-1999-1110Nov 14, 1999
    risk 0.04cvss epss 0.10

    Windows Media Player ActiveX object as used in Internet Explorer 5.0 returns a specific error code when a file does not exist, which allows remote malicious web sites to determine the existence of files on the client.

  • CVE-2000-0329Nov 11, 1999
    risk 0.04cvss epss 0.08

    A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability.

  • CVE-1999-0877Oct 1, 1999
    risk 0.04cvss epss 0.18

    Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME.

  • CVE-1999-0669Sep 1, 1999
    risk 0.04cvss epss 0.08

    The Eyedog ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.

  • CVE-1999-1016Aug 27, 1999
    risk 0.04cvss epss 0.08

    Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as…

  • CVE-1999-0487May 1, 1999
    risk 0.04cvss epss 0.13

    The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files.

  • CVE-1999-1453Feb 2, 1999
    risk 0.04cvss epss 0.11

    Internet Explorer 4 allows remote attackers (malicious web site operators) to read the contents of the clipboard via the Internet WebBrowser ActiveX object.

Page 38 of 87