Internet Explorer
by Microsoft
CVEs (1,725)
| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2005-2829 | 0.01 | — | 0.19 | Dec 14, 2005 | Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box… |
| CVE-2005-3312 | 0.01 | — | 0.12 | Oct 26, 2005 | The HTML rendering engine in Microsoft Internet Explorer 6.0 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML in corrupted images and other files such as .GIF, JPG, and WAV, which is rendered as HTML when the user clicks on the link, even though the… |
| CVE-2005-2126 | 0.01 | — | 0.14 | Oct 21, 2005 | The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary… |
| CVE-2005-2304 | 0.01 | — | 0.09 | Jul 19, 2005 | Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) via an image with an ICC Profile with a large Tag Count. |
| CVE-2005-2274 | 0.01 | — | 0.10 | Jul 13, 2005 | Microsoft Internet Explorer 6.0 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability." |
| CVE-2005-1829 | 0.01 | — | 0.13 | May 28, 2005 | Microsoft Internet Explorer 6 SP2 allows remote attackers to cause a denial of service (infinite loop and application crash) via two embedded files that call each other. |
| CVE-2005-0500 | 0.01 | — | 0.11 | May 2, 2005 | Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to spoof the domain name of a URL in a titlebar for a script-initiated popup window, which could facilitate phishing attacks. |
| CVE-2005-0954 | 0.01 | — | 0.15 | May 2, 2005 | Windows Explorer and Internet Explorer in Windows 2000 SP1 allows remote attackers to cause a denial of service (CPU consumption) via a malformed Windows Metafile (WMF) file. |
| CVE-2005-0110 | 0.01 | — | 0.07 | Jan 14, 2005 | Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning dialog and possibly trick an unknowledgeable user into executing arbitrary code via a web page with a body element containing an onclick tag, as demonstrated using the createElement… |
| CVE-2004-1173 | 0.01 | — | 0.12 | Dec 31, 2004 | Internet Explorer 6 allows remote attackers to bypass the popup blocker via the document object model (DOM) methods in the DHTML Dynamic HTML (DHTML) Editing Component (DEC) and Javascript that calls showModalDialog. |
| CVE-2004-2219 | 0.01 | — | 0.08 | Dec 31, 2004 | Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake. |
| CVE-2004-2307 | 0.01 | — | 0.15 | Dec 31, 2004 | Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote attackers to cause a denial of service (browser crash) via a shell: URI with double backslashes (\\) in an HTML tag such as IFRAME or A. |
| CVE-2004-2011 | 0.01 | — | 0.07 | Dec 31, 2004 | msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to cause a denial of service (crash) via a single & (ampersand) in a link, which triggers a parsing error, possibly due to missing portions of the URI. |
| CVE-2004-1155 | 0.01 | — | 0.13 | Dec 31, 2004 | Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window… |
| CVE-2004-2476 | 0.01 | — | 0.09 | Dec 31, 2004 | Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (infinite loop and crash) via an IFRAME with "?" as the file source. |
| CVE-2004-1376 | 0.01 | — | 0.09 | Dec 30, 2004 | Directory traversal vulnerability in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote malicious FTP servers to overwrite arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command. |
| CVE-2004-0867 | 0.01 | — | 0.17 | Dec 23, 2004 | Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is… |
| CVE-2004-0284 | 0.01 | — | 0.17 | Nov 23, 2004 | Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name. |
| CVE-2004-0866 | 0.01 | — | 0.10 | Sep 16, 2004 | Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. |
| CVE-2003-0513 | 0.01 | — | 0.10 | Apr 15, 2004 | Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g.… |