Internet Explorer
by Microsoft
CVEs (1,725)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-0500 | 0.01 | — | 0.15 | Aug 12, 2002 | Internet Explorer 5.0 through 6.0 allows remote attackers to determine the existence of files on the client via an IMG tag with a dynsrc property that references the target file, which sets certain elements of the image object such as file size. | |||
| CVE-2002-0832 | 0.01 | — | 0.10 | Aug 12, 2002 | Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass cookie privacy settings and store information across browser sessions via the userData (storeuserData) feature. | |||
| CVE-2002-0269 | 0.01 | — | 0.11 | May 29, 2002 | Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain… | |||
| CVE-2002-0188 | 0.01 | — | 0.16 | May 29, 2002 | Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than… | |||
| CVE-2002-0242 | 0.01 | — | 0.11 | May 29, 2002 | Cross-site scripting vulnerability in Internet Explorer 6 earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed. | |||
| CVE-2002-0152 | 0.01 | — | 0.17 | Apr 22, 2002 | Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0… | |||
| CVE-2002-0101 | 0.01 | — | 0.12 | Mar 25, 2002 | Microsoft Internet Explorer 6.0 and earlier allows local users to cause a denial of service via an infinite loop for modeless dialogs showModelessDialog, which causes CPU usage while the focus for the dialog is not released. | |||
| CVE-2002-0136 | 0.01 | — | 0.07 | Mar 25, 2002 | Microsoft Internet Explorer 5.5 on Windows 98 allows remote web pages to cause a denial of service (hang) via extremely long values for form fields such as INPUT and TEXTAREA, which can be automatically filled via Javascript. | |||
| CVE-2002-0026 | 0.01 | — | 0.13 | Mar 8, 2002 | Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made. | |||
| CVE-2002-0052 | 0.01 | — | 0.18 | Mar 8, 2002 | Internet Explorer 6.0 and earlier does not properly handle VBScript in certain domain security checks, which allows remote attackers to read arbitrary files. | |||
| CVE-2002-0025 | 0.01 | — | 0.14 | Mar 8, 2002 | Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the Content-Type HTML header field, which allows remote attackers to modify which application is used to process a document. | |||
| CVE-2002-0077 | 0.01 | — | 0.11 | Jan 13, 2002 | Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of Local Computer zone, which allows remote attackers to invoke executables present on the local system through objects such as the popup object, aka the… | |||
| CVE-2001-1539 | 0.01 | — | 0.14 | Dec 31, 2001 | Stack consumption vulnerability in Internet Explorer The JavaScript settimeout function in Internet Explorer allows remote attackers to cause a denial of service (crash) via the JavaScript settimeout function. NOTE: the vendor could not reproduce the problem. | |||
| CVE-2001-0874 | 0.01 | — | 0.22 | Dec 13, 2001 | Internet Explorer 5.5 and 6.0 allow remote attackers to read certain files via HTML that passes information from a frame in the client's domain to a frame in the web site's domain, a variant of the "Frame Domain Verification" vulnerability. | |||
| CVE-2001-0807 | 0.01 | — | 0.07 | Dec 6, 2001 | Internet Explorer 5.0, and possibly other versions, may allow remote attackers (malicious web pages) to read known text files from a client's hard drive via a SCRIPT tag with a SRC value that points to the text file. | |||
| CVE-2001-0904 | 0.01 | — | 0.07 | Nov 20, 2001 | Internet Explorer 5.5 and 6 with the Q312461 (MS01-055) patch modifies the HTTP_USER_AGENT (UserAgent) information that indicates that the patch has been installed, which could allow remote malicious web sites to more easily identify and exploit vulnerable clients. | |||
| CVE-2001-0723 | 0.01 | — | 0.11 | Nov 14, 2001 | Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript, aka the "Second Cookie Handling Vulnerability." | |||
| CVE-2001-0724 | 0.01 | — | 0.12 | Nov 14, 2001 | Internet Explorer 5.5 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing… | |||
| CVE-2001-0665 | 0.01 | — | 0.12 | Oct 30, 2001 | Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the "HTTP Request Encoding… | |||
| CVE-2001-0339 | 0.01 | — | 0.15 | Jun 27, 2001 | Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the "Web page spoofing vulnerability." |
- CVE-2002-0500Aug 12, 2002risk 0.01cvss —epss 0.15
Internet Explorer 5.0 through 6.0 allows remote attackers to determine the existence of files on the client via an IMG tag with a dynsrc property that references the target file, which sets certain elements of the image object such as file size.
- CVE-2002-0832Aug 12, 2002risk 0.01cvss —epss 0.10
Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass cookie privacy settings and store information across browser sessions via the userData (storeuserData) feature.
- CVE-2002-0269May 29, 2002risk 0.01cvss —epss 0.11
Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain…
- CVE-2002-0188May 29, 2002risk 0.01cvss —epss 0.16
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than…
- CVE-2002-0242May 29, 2002risk 0.01cvss —epss 0.11
Cross-site scripting vulnerability in Internet Explorer 6 earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed.
- CVE-2002-0152Apr 22, 2002risk 0.01cvss —epss 0.17
Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0…
- CVE-2002-0101Mar 25, 2002risk 0.01cvss —epss 0.12
Microsoft Internet Explorer 6.0 and earlier allows local users to cause a denial of service via an infinite loop for modeless dialogs showModelessDialog, which causes CPU usage while the focus for the dialog is not released.
- CVE-2002-0136Mar 25, 2002risk 0.01cvss —epss 0.07
Microsoft Internet Explorer 5.5 on Windows 98 allows remote web pages to cause a denial of service (hang) via extremely long values for form fields such as INPUT and TEXTAREA, which can be automatically filled via Javascript.
- CVE-2002-0026Mar 8, 2002risk 0.01cvss —epss 0.13
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made.
- CVE-2002-0052Mar 8, 2002risk 0.01cvss —epss 0.18
Internet Explorer 6.0 and earlier does not properly handle VBScript in certain domain security checks, which allows remote attackers to read arbitrary files.
- CVE-2002-0025Mar 8, 2002risk 0.01cvss —epss 0.14
Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the Content-Type HTML header field, which allows remote attackers to modify which application is used to process a document.
- CVE-2002-0077Jan 13, 2002risk 0.01cvss —epss 0.11
Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of Local Computer zone, which allows remote attackers to invoke executables present on the local system through objects such as the popup object, aka the…
- CVE-2001-1539Dec 31, 2001risk 0.01cvss —epss 0.14
Stack consumption vulnerability in Internet Explorer The JavaScript settimeout function in Internet Explorer allows remote attackers to cause a denial of service (crash) via the JavaScript settimeout function. NOTE: the vendor could not reproduce the problem.
- CVE-2001-0874Dec 13, 2001risk 0.01cvss —epss 0.22
Internet Explorer 5.5 and 6.0 allow remote attackers to read certain files via HTML that passes information from a frame in the client's domain to a frame in the web site's domain, a variant of the "Frame Domain Verification" vulnerability.
- CVE-2001-0807Dec 6, 2001risk 0.01cvss —epss 0.07
Internet Explorer 5.0, and possibly other versions, may allow remote attackers (malicious web pages) to read known text files from a client's hard drive via a SCRIPT tag with a SRC value that points to the text file.
- CVE-2001-0904Nov 20, 2001risk 0.01cvss —epss 0.07
Internet Explorer 5.5 and 6 with the Q312461 (MS01-055) patch modifies the HTTP_USER_AGENT (UserAgent) information that indicates that the patch has been installed, which could allow remote malicious web sites to more easily identify and exploit vulnerable clients.
- CVE-2001-0723Nov 14, 2001risk 0.01cvss —epss 0.11
Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript, aka the "Second Cookie Handling Vulnerability."
- CVE-2001-0724Nov 14, 2001risk 0.01cvss —epss 0.12
Internet Explorer 5.5 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing…
- CVE-2001-0665Oct 30, 2001risk 0.01cvss —epss 0.12
Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the "HTTP Request Encoding…
- CVE-2001-0339Jun 27, 2001risk 0.01cvss —epss 0.15
Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the "Web page spoofing vulnerability."
Page 79 of 87