VYPR

Internet Explorer

by Microsoft

CVEs (1,725)

  • CVE-2001-1497Dec 31, 2001
    risk 0.00cvss epss 0.02

    Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a…

  • CVE-2001-1219Dec 20, 2001
    risk 0.00cvss epss 0.06

    Microsoft Internet Explorer 6.0 and earlier allows malicious website operators to cause a denial of service (client crash) via JavaScript that continually refreshes the window via self.location.

  • CVE-2001-0720Dec 6, 2001
    risk 0.00cvss epss 0.02

    Internet Explorer 5.1 for Macintosh on Mac OS X allows remote attackers to execute arbitrary commands by causing a BinHex or MacBinary file type to be downloaded, which causes the files to be executed if automatic decoding is enabled.

  • CVE-2001-0919Nov 26, 2001
    risk 0.00cvss epss 0.03

    Internet Explorer 5.50.4134.0100 on Windows ME with "Prompt to allow cookies to be stored on your machine" enabled does not warn a user when a cookie is set using Javascript.

  • CVE-2001-0712Oct 30, 2001
    risk 0.00cvss epss 0.06

    The rendering engine in Internet Explorer determines the MIME type independently of the type that is specified by the server, which allows remote servers to automatically execute script which is placed in a file whose MIME type does not normally support scripting, such as text…

  • CVE-2001-0338Jun 27, 2001
    risk 0.00cvss epss 0.05

    Internet Explorer 5.5 and earlier does not properly validate digital certificates when Certificate Revocation List (CRL) checking is enabled, which could allow remote attackers to spoof trusted web sites, aka the "Server certificate validation vulnerability."

  • CVE-2001-0332Jun 27, 2001
    risk 0.00cvss epss 0.06

    Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain using…

  • CVE-2001-0246Jun 27, 2001
    risk 0.00cvss epss 0.06

    Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain, aka a variant of the…

  • CVE-2001-0090Feb 16, 2001
    risk 0.00cvss epss 0.04

    The Print Templates feature in Internet Explorer 5.5 executes arbitrary custom print templates without prompting the user, which could allow an attacker to execute arbitrary ActiveX controls, aka the "Browser Print Template" vulnerability.

  • CVE-2001-0091Feb 16, 2001
    risk 0.00cvss epss 0.05

    The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 through 5.5 renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka a variant of the "Scriptlet Rendering" vulnerability.

  • CVE-2000-0790Oct 20, 2000
    risk 0.00cvss epss 0.02

    The web-based folder display capability in Microsoft Internet Explorer 5.5 on Windows 98 allows local users to insert Trojan horse programs by modifying the Folder.htt file and using the InvokeVerb method in the ShellDefView ActiveX control to specify a default execute option…

  • CVE-2000-0767Oct 20, 2000
    risk 0.00cvss epss 0.04

    The ActiveX control for invoking a scriptlet in Internet Explorer 4.x and 5.x renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka the "Scriptlet Rendering" vulnerability.

  • CVE-2000-0518Jun 5, 2000
    risk 0.00cvss epss 0.05

    Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities.

  • CVE-2000-0519Jun 5, 2000
    risk 0.00cvss epss 0.05

    Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities.

  • CVE-1999-0876Jan 4, 2000
    risk 0.00cvss epss 0.06

    Buffer overflow in Internet Explorer 4.0 via EMBED tag.

  • CVE-1999-0827Nov 1, 1999
    risk 0.00cvss epss 0.05

    By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.

  • CVE-1999-0354Nov 1, 1999
    risk 0.00cvss epss 0.05

    Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains executable content. Also applies to Outlook when the client views a malicious…

  • CVE-1999-0917May 27, 1999
    risk 0.00cvss epss 0.06

    The Preloader ActiveX control used by Internet Explorer allows remote attackers to read arbitrary files.

  • CVE-1999-1367May 6, 1999
    risk 0.00cvss epss 0.01

    Internet Explorer 5.0 does not properly reset the username/password cache for Web sites that do not use standard cache controls, which could allow users on the same system to access restricted web sites that were visited by other users.

  • CVE-1999-1370Mar 23, 1999
    risk 0.00cvss epss 0.01

    The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) the screen saver, which could leave the system open to users with physical access if a failure occurs during an unattended installation, and (2) the Task Scheduler Service, which might prevent the scheduled…

Page 86 of 87