Internet Explorer
by Microsoft
CVEs (1,725)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2001-1497 | 0.00 | — | 0.02 | Dec 31, 2001 | Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a… | |||
| CVE-2001-1219 | 0.00 | — | 0.06 | Dec 20, 2001 | Microsoft Internet Explorer 6.0 and earlier allows malicious website operators to cause a denial of service (client crash) via JavaScript that continually refreshes the window via self.location. | |||
| CVE-2001-0720 | 0.00 | — | 0.02 | Dec 6, 2001 | Internet Explorer 5.1 for Macintosh on Mac OS X allows remote attackers to execute arbitrary commands by causing a BinHex or MacBinary file type to be downloaded, which causes the files to be executed if automatic decoding is enabled. | |||
| CVE-2001-0919 | 0.00 | — | 0.03 | Nov 26, 2001 | Internet Explorer 5.50.4134.0100 on Windows ME with "Prompt to allow cookies to be stored on your machine" enabled does not warn a user when a cookie is set using Javascript. | |||
| CVE-2001-0712 | 0.00 | — | 0.06 | Oct 30, 2001 | The rendering engine in Internet Explorer determines the MIME type independently of the type that is specified by the server, which allows remote servers to automatically execute script which is placed in a file whose MIME type does not normally support scripting, such as text… | |||
| CVE-2001-0338 | 0.00 | — | 0.05 | Jun 27, 2001 | Internet Explorer 5.5 and earlier does not properly validate digital certificates when Certificate Revocation List (CRL) checking is enabled, which could allow remote attackers to spoof trusted web sites, aka the "Server certificate validation vulnerability." | |||
| CVE-2001-0332 | 0.00 | — | 0.06 | Jun 27, 2001 | Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain using… | |||
| CVE-2001-0246 | 0.00 | — | 0.06 | Jun 27, 2001 | Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain, aka a variant of the… | |||
| CVE-2001-0090 | 0.00 | — | 0.04 | Feb 16, 2001 | The Print Templates feature in Internet Explorer 5.5 executes arbitrary custom print templates without prompting the user, which could allow an attacker to execute arbitrary ActiveX controls, aka the "Browser Print Template" vulnerability. | |||
| CVE-2001-0091 | 0.00 | — | 0.05 | Feb 16, 2001 | The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 through 5.5 renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka a variant of the "Scriptlet Rendering" vulnerability. | |||
| CVE-2000-0790 | 0.00 | — | 0.02 | Oct 20, 2000 | The web-based folder display capability in Microsoft Internet Explorer 5.5 on Windows 98 allows local users to insert Trojan horse programs by modifying the Folder.htt file and using the InvokeVerb method in the ShellDefView ActiveX control to specify a default execute option… | |||
| CVE-2000-0767 | 0.00 | — | 0.04 | Oct 20, 2000 | The ActiveX control for invoking a scriptlet in Internet Explorer 4.x and 5.x renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka the "Scriptlet Rendering" vulnerability. | |||
| CVE-2000-0518 | 0.00 | — | 0.05 | Jun 5, 2000 | Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities. | |||
| CVE-2000-0519 | 0.00 | — | 0.05 | Jun 5, 2000 | Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities. | |||
| CVE-1999-0876 | 0.00 | — | 0.06 | Jan 4, 2000 | Buffer overflow in Internet Explorer 4.0 via EMBED tag. | |||
| CVE-1999-0827 | 0.00 | — | 0.05 | Nov 1, 1999 | By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing. | |||
| CVE-1999-0354 | 0.00 | — | 0.05 | Nov 1, 1999 | Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains executable content. Also applies to Outlook when the client views a malicious… | |||
| CVE-1999-0917 | 0.00 | — | 0.06 | May 27, 1999 | The Preloader ActiveX control used by Internet Explorer allows remote attackers to read arbitrary files. | |||
| CVE-1999-1367 | 0.00 | — | 0.01 | May 6, 1999 | Internet Explorer 5.0 does not properly reset the username/password cache for Web sites that do not use standard cache controls, which could allow users on the same system to access restricted web sites that were visited by other users. | |||
| CVE-1999-1370 | 0.00 | — | 0.01 | Mar 23, 1999 | The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) the screen saver, which could leave the system open to users with physical access if a failure occurs during an unattended installation, and (2) the Task Scheduler Service, which might prevent the scheduled… |
- CVE-2001-1497Dec 31, 2001risk 0.00cvss —epss 0.02
Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a…
- CVE-2001-1219Dec 20, 2001risk 0.00cvss —epss 0.06
Microsoft Internet Explorer 6.0 and earlier allows malicious website operators to cause a denial of service (client crash) via JavaScript that continually refreshes the window via self.location.
- CVE-2001-0720Dec 6, 2001risk 0.00cvss —epss 0.02
Internet Explorer 5.1 for Macintosh on Mac OS X allows remote attackers to execute arbitrary commands by causing a BinHex or MacBinary file type to be downloaded, which causes the files to be executed if automatic decoding is enabled.
- CVE-2001-0919Nov 26, 2001risk 0.00cvss —epss 0.03
Internet Explorer 5.50.4134.0100 on Windows ME with "Prompt to allow cookies to be stored on your machine" enabled does not warn a user when a cookie is set using Javascript.
- CVE-2001-0712Oct 30, 2001risk 0.00cvss —epss 0.06
The rendering engine in Internet Explorer determines the MIME type independently of the type that is specified by the server, which allows remote servers to automatically execute script which is placed in a file whose MIME type does not normally support scripting, such as text…
- CVE-2001-0338Jun 27, 2001risk 0.00cvss —epss 0.05
Internet Explorer 5.5 and earlier does not properly validate digital certificates when Certificate Revocation List (CRL) checking is enabled, which could allow remote attackers to spoof trusted web sites, aka the "Server certificate validation vulnerability."
- CVE-2001-0332Jun 27, 2001risk 0.00cvss —epss 0.06
Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain using…
- CVE-2001-0246Jun 27, 2001risk 0.00cvss —epss 0.06
Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain, aka a variant of the…
- CVE-2001-0090Feb 16, 2001risk 0.00cvss —epss 0.04
The Print Templates feature in Internet Explorer 5.5 executes arbitrary custom print templates without prompting the user, which could allow an attacker to execute arbitrary ActiveX controls, aka the "Browser Print Template" vulnerability.
- CVE-2001-0091Feb 16, 2001risk 0.00cvss —epss 0.05
The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 through 5.5 renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka a variant of the "Scriptlet Rendering" vulnerability.
- CVE-2000-0790Oct 20, 2000risk 0.00cvss —epss 0.02
The web-based folder display capability in Microsoft Internet Explorer 5.5 on Windows 98 allows local users to insert Trojan horse programs by modifying the Folder.htt file and using the InvokeVerb method in the ShellDefView ActiveX control to specify a default execute option…
- CVE-2000-0767Oct 20, 2000risk 0.00cvss —epss 0.04
The ActiveX control for invoking a scriptlet in Internet Explorer 4.x and 5.x renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka the "Scriptlet Rendering" vulnerability.
- CVE-2000-0518Jun 5, 2000risk 0.00cvss —epss 0.05
Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities.
- CVE-2000-0519Jun 5, 2000risk 0.00cvss —epss 0.05
Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities.
- CVE-1999-0876Jan 4, 2000risk 0.00cvss —epss 0.06
Buffer overflow in Internet Explorer 4.0 via EMBED tag.
- CVE-1999-0827Nov 1, 1999risk 0.00cvss —epss 0.05
By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.
- CVE-1999-0354Nov 1, 1999risk 0.00cvss —epss 0.05
Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains executable content. Also applies to Outlook when the client views a malicious…
- CVE-1999-0917May 27, 1999risk 0.00cvss —epss 0.06
The Preloader ActiveX control used by Internet Explorer allows remote attackers to read arbitrary files.
- CVE-1999-1367May 6, 1999risk 0.00cvss —epss 0.01
Internet Explorer 5.0 does not properly reset the username/password cache for Web sites that do not use standard cache controls, which could allow users on the same system to access restricted web sites that were visited by other users.
- CVE-1999-1370Mar 23, 1999risk 0.00cvss —epss 0.01
The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) the screen saver, which could leave the system open to users with physical access if a failure occurs during an unattended installation, and (2) the Task Scheduler Service, which might prevent the scheduled…
Page 86 of 87