Internet Explorer
by Microsoft
CVEs (1,725)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2001-1450 | 0.01 | — | 0.07 | May 11, 2001 | Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause a denial of service (browser crash) via a crafted FTP URL such as "/.#./". | |||
| CVE-2001-0154 | 0.01 | — | 0.11 | May 3, 2001 | HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly. | |||
| CVE-2001-0092 | 0.01 | — | 0.12 | Feb 16, 2001 | A function in Internet Explorer 5.0 through 5.5 does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a new variant of the "Frame Domain Verification" vulnerability. | |||
| CVE-2000-0982 | 0.01 | — | 0.13 | Dec 19, 2000 | Internet Explorer before 5.5 forwards cached user credentials for a secure web site to insecure pages on the same web site, which could allow remote attackers to obtain the credentials by monitoring connections to the web server, aka the "Cached Web Credentials" vulnerability. | |||
| CVE-2000-0768 | 0.01 | — | 0.10 | Oct 20, 2000 | A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability. | |||
| CVE-2000-0662 | 0.01 | — | 0.21 | Jul 14, 2000 | Internet Explorer 5.x and Microsoft Outlook allows remote attackers to read arbitrary files by redirecting the contents of an IFRAME using the DHTML Edit Control (DHTMLED). | |||
| CVE-2000-0503 | 0.01 | — | 0.09 | Jun 6, 2000 | The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows a remote attacker to violate the cross frame security policy via the NavigateComplete2 event. | |||
| CVE-2000-0464 | 0.01 | — | 0.13 | May 17, 2000 | Internet Explorer 4.x and 5.x allows remote attackers to execute arbitrary commands via a buffer overflow in the ActiveX parameter parsing capability, aka the "Malformed Component Attribute" vulnerability. | |||
| CVE-2000-0439 | 0.01 | — | 0.06 | May 11, 2000 | Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the "Unauthorized Cookie Access" vulnerability. | |||
| CVE-2000-0266 | 0.01 | — | 0.16 | Apr 18, 2000 | Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malicious applet that interacts with the Java JSObject to modify the DOM properties to set the IFRAME to an arbitrary Javascript URL. | |||
| CVE-2000-0201 | 0.01 | — | 0.07 | Mar 1, 2000 | The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be executed from the local host, which allows remote attackers to execute arbitrary commands via Microsoft Networking. | |||
| CVE-2000-0160 | 0.01 | — | 0.09 | Feb 21, 2000 | The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft. | |||
| CVE-2000-0162 | 0.01 | — | 0.08 | Feb 18, 2000 | The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability. | |||
| CVE-1999-1093 | 0.01 | — | 0.13 | Dec 31, 1999 | Buffer overflow in the Window.External function in the JScript Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows remote attackers to execute arbitrary commands via a malicious web page. | |||
| CVE-1999-1087 | 0.01 | — | 0.06 | Dec 31, 1999 | Internet Explorer 4 treats a 32-bit number ("dotless IP address") in the a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by… | |||
| CVE-1999-1094 | 0.01 | — | 0.18 | Dec 31, 1999 | Buffer overflow in Internet Explorer 4.01 and earlier allows remote attackers to execute arbitrary commands via a long URL with the "mk:" protocol, aka the "MK Overrun security issue." | |||
| CVE-1999-1472 | 0.01 | — | 0.17 | Dec 31, 1999 | Internet Explorer 4.0 allows remote attackers to read arbitrary text and HTML files on the user's machine via a small IFRAME that uses Dynamic HTML (DHTML) to send the data to the attacker, aka the Freiburg text-viewing issue. | |||
| CVE-1999-1473 | 0.01 | — | 0.07 | Dec 31, 1999 | When a Web site redirects the browser to another site, Internet Explorer 3.02 and 4.0 automatically resends authentication information to the second site, aka the "Page Redirect Issue." | |||
| CVE-1999-0858 | 0.01 | — | 0.13 | Dec 2, 1999 | Internet Explorer 5 allows a remote attacker to modify the IE client's proxy configuration via a malicious Web Proxy Auto-Discovery (WPAD) server. | |||
| CVE-1999-0670 | 0.01 | — | 0.08 | Sep 1, 1999 | Buffer overflow in the Eyedog ActiveX control allows a remote attacker to execute arbitrary commands. |
- CVE-2001-1450May 11, 2001risk 0.01cvss —epss 0.07
Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause a denial of service (browser crash) via a crafted FTP URL such as "/.#./".
- CVE-2001-0154May 3, 2001risk 0.01cvss —epss 0.11
HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly.
- CVE-2001-0092Feb 16, 2001risk 0.01cvss —epss 0.12
A function in Internet Explorer 5.0 through 5.5 does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a new variant of the "Frame Domain Verification" vulnerability.
- CVE-2000-0982Dec 19, 2000risk 0.01cvss —epss 0.13
Internet Explorer before 5.5 forwards cached user credentials for a secure web site to insecure pages on the same web site, which could allow remote attackers to obtain the credentials by monitoring connections to the web server, aka the "Cached Web Credentials" vulnerability.
- CVE-2000-0768Oct 20, 2000risk 0.01cvss —epss 0.10
A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability.
- CVE-2000-0662Jul 14, 2000risk 0.01cvss —epss 0.21
Internet Explorer 5.x and Microsoft Outlook allows remote attackers to read arbitrary files by redirecting the contents of an IFRAME using the DHTML Edit Control (DHTMLED).
- CVE-2000-0503Jun 6, 2000risk 0.01cvss —epss 0.09
The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows a remote attacker to violate the cross frame security policy via the NavigateComplete2 event.
- CVE-2000-0464May 17, 2000risk 0.01cvss —epss 0.13
Internet Explorer 4.x and 5.x allows remote attackers to execute arbitrary commands via a buffer overflow in the ActiveX parameter parsing capability, aka the "Malformed Component Attribute" vulnerability.
- CVE-2000-0439May 11, 2000risk 0.01cvss —epss 0.06
Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the "Unauthorized Cookie Access" vulnerability.
- CVE-2000-0266Apr 18, 2000risk 0.01cvss —epss 0.16
Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malicious applet that interacts with the Java JSObject to modify the DOM properties to set the IFRAME to an arbitrary Javascript URL.
- CVE-2000-0201Mar 1, 2000risk 0.01cvss —epss 0.07
The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be executed from the local host, which allows remote attackers to execute arbitrary commands via Microsoft Networking.
- CVE-2000-0160Feb 21, 2000risk 0.01cvss —epss 0.09
The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft.
- CVE-2000-0162Feb 18, 2000risk 0.01cvss —epss 0.08
The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability.
- CVE-1999-1093Dec 31, 1999risk 0.01cvss —epss 0.13
Buffer overflow in the Window.External function in the JScript Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows remote attackers to execute arbitrary commands via a malicious web page.
- CVE-1999-1087Dec 31, 1999risk 0.01cvss —epss 0.06
Internet Explorer 4 treats a 32-bit number ("dotless IP address") in the a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by…
- CVE-1999-1094Dec 31, 1999risk 0.01cvss —epss 0.18
Buffer overflow in Internet Explorer 4.01 and earlier allows remote attackers to execute arbitrary commands via a long URL with the "mk:" protocol, aka the "MK Overrun security issue."
- CVE-1999-1472Dec 31, 1999risk 0.01cvss —epss 0.17
Internet Explorer 4.0 allows remote attackers to read arbitrary text and HTML files on the user's machine via a small IFRAME that uses Dynamic HTML (DHTML) to send the data to the attacker, aka the Freiburg text-viewing issue.
- CVE-1999-1473Dec 31, 1999risk 0.01cvss —epss 0.07
When a Web site redirects the browser to another site, Internet Explorer 3.02 and 4.0 automatically resends authentication information to the second site, aka the "Page Redirect Issue."
- CVE-1999-0858Dec 2, 1999risk 0.01cvss —epss 0.13
Internet Explorer 5 allows a remote attacker to modify the IE client's proxy configuration via a malicious Web Proxy Auto-Discovery (WPAD) server.
- CVE-1999-0670Sep 1, 1999risk 0.01cvss —epss 0.08
Buffer overflow in the Eyedog ActiveX control allows a remote attacker to execute arbitrary commands.
Page 80 of 87