Internet Explorer
by Microsoft
CVEs (1,725)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-5522 | 0.00 | — | 0.03 | Dec 12, 2008 | AVG Anti-Virus 8.0.0.161, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or… | |||
| CVE-2008-2159 | 0.00 | — | 0.02 | May 12, 2008 | Microsoft Internet Explorer 7 can save encrypted pages in the cache even when the DisableCachingOfSSLPages registry setting is enabled, which might allow local users to obtain sensitive information. | |||
| CVE-2007-4841 | 0.00 | — | 0.03 | Sep 12, 2007 | Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP… | |||
| CVE-2007-4356 | 0.00 | — | 0.06 | Aug 15, 2007 | Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML files that are retrieved during an FTP session, which allows context-dependent attackers to obtain sensitive information by reading the HTML source, as demonstrated by a (1) .htm, (2) .html, or (3) .mht file. | |||
| CVE-2007-0685 | 0.00 | — | 0.06 | Feb 3, 2007 | Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows attackers to cause a denial of service (application crash and device instability) via unspecified vectors, possibly related to a buffer overflow. | |||
| CVE-2006-5913 | 0.00 | — | 0.05 | Nov 15, 2006 | Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/sslnavcancel.htm with the target site in the anchor identifier, which displays the site's URL in the address bar but… | |||
| CVE-2006-5805 | 0.00 | — | 0.06 | Nov 8, 2006 | Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site's URL in the address bar but causes… | |||
| CVE-2005-3240 | 0.00 | — | 0.06 | Dec 31, 2005 | Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag… | |||
| CVE-2005-4269 | 0.00 | — | 0.05 | Dec 15, 2005 | mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office… | |||
| CVE-2005-1791 | 0.00 | — | 0.04 | May 28, 2005 | Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the full domain name of the URI begins with numeric sequences similar to an IP address. NOTE: if there is not an exploit scenario in which an attacker… | |||
| CVE-2004-2704 | 0.00 | — | 0.05 | Dec 31, 2004 | Hastymail 1.0.1 and earlier (stable) and 1.1 and earlier (development) does not send the "attachment" parameter in the Content-Disposition field for attachments, which causes the attachment to be rendered inline by Internet Explorer when the victim clicks the download link,… | |||
| CVE-2004-1527 | 0.00 | — | 0.01 | Dec 31, 2004 | Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, which allows… | |||
| CVE-2004-1198 | 0.00 | — | 0.02 | Dec 31, 2004 | Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays. | |||
| CVE-2004-2382 | 0.00 | — | 0.02 | Dec 31, 2004 | The PerfectNav plugin for Microsoft Internet Explorer allows remote attackers to cause a denial of service (browser crash) via a malformed URL such as "?". | |||
| CVE-2004-0979 | 0.00 | — | 0.04 | Dec 31, 2004 | Internet Explorer on Windows XP does not properly modify the "Drag and Drop or copy and paste files" setting when the user sets it to "Disable" or "Prompt," which may enable security-sensitive operations that are inconsistent with the user's intended configuration. | |||
| CVE-2004-0719 | 0.00 | — | 0.05 | Jul 27, 2004 | Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the… | |||
| CVE-2002-1670 | 0.00 | — | 0.01 | Dec 31, 2002 | Microsoft Windows XP Professional upgrade edition overwrites previously installed patches for Internet Explorer 6.0, leaving Internet Explorer unpatched. | |||
| CVE-2002-1824 | 0.00 | — | 0.03 | Dec 31, 2002 | Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE:… | |||
| CVE-2002-0815 | 0.00 | — | 0.04 | Aug 12, 2002 | The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted… | |||
| CVE-2002-0024 | 0.00 | — | 0.04 | Mar 8, 2002 | File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an attacker to use the Content-Disposition and Content-Type HTML header fields to modify how the name of the file is displayed, which could trick a user into believing that a file is safe to download. |
- CVE-2008-5522Dec 12, 2008risk 0.00cvss —epss 0.03
AVG Anti-Virus 8.0.0.161, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or…
- CVE-2008-2159May 12, 2008risk 0.00cvss —epss 0.02
Microsoft Internet Explorer 7 can save encrypted pages in the cache even when the DisableCachingOfSSLPages registry setting is enabled, which might allow local users to obtain sensitive information.
- CVE-2007-4841Sep 12, 2007risk 0.00cvss —epss 0.03
Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP…
- CVE-2007-4356Aug 15, 2007risk 0.00cvss —epss 0.06
Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML files that are retrieved during an FTP session, which allows context-dependent attackers to obtain sensitive information by reading the HTML source, as demonstrated by a (1) .htm, (2) .html, or (3) .mht file.
- CVE-2007-0685Feb 3, 2007risk 0.00cvss —epss 0.06
Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows attackers to cause a denial of service (application crash and device instability) via unspecified vectors, possibly related to a buffer overflow.
- CVE-2006-5913Nov 15, 2006risk 0.00cvss —epss 0.05
Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/sslnavcancel.htm with the target site in the anchor identifier, which displays the site's URL in the address bar but…
- CVE-2006-5805Nov 8, 2006risk 0.00cvss —epss 0.06
Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site's URL in the address bar but causes…
- CVE-2005-3240Dec 31, 2005risk 0.00cvss —epss 0.06
Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag…
- CVE-2005-4269Dec 15, 2005risk 0.00cvss —epss 0.05
mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office…
- CVE-2005-1791May 28, 2005risk 0.00cvss —epss 0.04
Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the full domain name of the URI begins with numeric sequences similar to an IP address. NOTE: if there is not an exploit scenario in which an attacker…
- CVE-2004-2704Dec 31, 2004risk 0.00cvss —epss 0.05
Hastymail 1.0.1 and earlier (stable) and 1.1 and earlier (development) does not send the "attachment" parameter in the Content-Disposition field for attachments, which causes the attachment to be rendered inline by Internet Explorer when the victim clicks the download link,…
- CVE-2004-1527Dec 31, 2004risk 0.00cvss —epss 0.01
Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, which allows…
- CVE-2004-1198Dec 31, 2004risk 0.00cvss —epss 0.02
Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.
- CVE-2004-2382Dec 31, 2004risk 0.00cvss —epss 0.02
The PerfectNav plugin for Microsoft Internet Explorer allows remote attackers to cause a denial of service (browser crash) via a malformed URL such as "?".
- CVE-2004-0979Dec 31, 2004risk 0.00cvss —epss 0.04
Internet Explorer on Windows XP does not properly modify the "Drag and Drop or copy and paste files" setting when the user sets it to "Disable" or "Prompt," which may enable security-sensitive operations that are inconsistent with the user's intended configuration.
- CVE-2004-0719Jul 27, 2004risk 0.00cvss —epss 0.05
Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the…
- CVE-2002-1670Dec 31, 2002risk 0.00cvss —epss 0.01
Microsoft Windows XP Professional upgrade edition overwrites previously installed patches for Internet Explorer 6.0, leaving Internet Explorer unpatched.
- CVE-2002-1824Dec 31, 2002risk 0.00cvss —epss 0.03
Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE:…
- CVE-2002-0815Aug 12, 2002risk 0.00cvss —epss 0.04
The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted…
- CVE-2002-0024Mar 8, 2002risk 0.00cvss —epss 0.04
File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an attacker to use the Content-Disposition and Content-Type HTML header fields to modify how the name of the file is displayed, which could trick a user into believing that a file is safe to download.
Page 85 of 87