VYPR

Internet Explorer

by Microsoft

CVEs (1,725)

  • CVE-2001-1450May 11, 2001
    risk 0.01cvss epss 0.07

    Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause a denial of service (browser crash) via a crafted FTP URL such as "/.#./".

  • CVE-2001-0154May 3, 2001
    risk 0.01cvss epss 0.11

    HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly.

  • CVE-2001-0092Feb 16, 2001
    risk 0.01cvss epss 0.12

    A function in Internet Explorer 5.0 through 5.5 does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a new variant of the "Frame Domain Verification" vulnerability.

  • CVE-2000-0982Dec 19, 2000
    risk 0.01cvss epss 0.13

    Internet Explorer before 5.5 forwards cached user credentials for a secure web site to insecure pages on the same web site, which could allow remote attackers to obtain the credentials by monitoring connections to the web server, aka the "Cached Web Credentials" vulnerability.

  • CVE-2000-0768Oct 20, 2000
    risk 0.01cvss epss 0.10

    A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability.

  • CVE-2000-0662Jul 14, 2000
    risk 0.01cvss epss 0.21

    Internet Explorer 5.x and Microsoft Outlook allows remote attackers to read arbitrary files by redirecting the contents of an IFRAME using the DHTML Edit Control (DHTMLED).

  • CVE-2000-0503Jun 6, 2000
    risk 0.01cvss epss 0.09

    The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows a remote attacker to violate the cross frame security policy via the NavigateComplete2 event.

  • CVE-2000-0464May 17, 2000
    risk 0.01cvss epss 0.13

    Internet Explorer 4.x and 5.x allows remote attackers to execute arbitrary commands via a buffer overflow in the ActiveX parameter parsing capability, aka the "Malformed Component Attribute" vulnerability.

  • CVE-2000-0439May 11, 2000
    risk 0.01cvss epss 0.06

    Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the "Unauthorized Cookie Access" vulnerability.

  • CVE-2000-0266Apr 18, 2000
    risk 0.01cvss epss 0.16

    Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malicious applet that interacts with the Java JSObject to modify the DOM properties to set the IFRAME to an arbitrary Javascript URL.

  • CVE-2000-0201Mar 1, 2000
    risk 0.01cvss epss 0.07

    The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be executed from the local host, which allows remote attackers to execute arbitrary commands via Microsoft Networking.

  • CVE-2000-0160Feb 21, 2000
    risk 0.01cvss epss 0.09

    The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft.

  • CVE-2000-0162Feb 18, 2000
    risk 0.01cvss epss 0.08

    The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability.

  • CVE-1999-1093Dec 31, 1999
    risk 0.01cvss epss 0.13

    Buffer overflow in the Window.External function in the JScript Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows remote attackers to execute arbitrary commands via a malicious web page.

  • CVE-1999-1087Dec 31, 1999
    risk 0.01cvss epss 0.06

    Internet Explorer 4 treats a 32-bit number ("dotless IP address") in the a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by…

  • CVE-1999-1094Dec 31, 1999
    risk 0.01cvss epss 0.18

    Buffer overflow in Internet Explorer 4.01 and earlier allows remote attackers to execute arbitrary commands via a long URL with the "mk:" protocol, aka the "MK Overrun security issue."

  • CVE-1999-1472Dec 31, 1999
    risk 0.01cvss epss 0.17

    Internet Explorer 4.0 allows remote attackers to read arbitrary text and HTML files on the user's machine via a small IFRAME that uses Dynamic HTML (DHTML) to send the data to the attacker, aka the Freiburg text-viewing issue.

  • CVE-1999-1473Dec 31, 1999
    risk 0.01cvss epss 0.07

    When a Web site redirects the browser to another site, Internet Explorer 3.02 and 4.0 automatically resends authentication information to the second site, aka the "Page Redirect Issue."

  • CVE-1999-0858Dec 2, 1999
    risk 0.01cvss epss 0.13

    Internet Explorer 5 allows a remote attacker to modify the IE client's proxy configuration via a malicious Web Proxy Auto-Discovery (WPAD) server.

  • CVE-1999-0670Sep 1, 1999
    risk 0.01cvss epss 0.08

    Buffer overflow in the Eyedog ActiveX control allows a remote attacker to execute arbitrary commands.

Page 80 of 87