Internet Explorer Security Vulnerabilities
By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame...
7.4AI Score
0.002EPSS
Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands via long arguments to the OpenHelp...
8.8AI Score
0.005EPSS
Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an...
7.4AI Score
0.007EPSS
Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, InvokeRegWizard) 3.0.0.0 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary...
8.5AI Score
0.002EPSS
The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation (imgedit.ocx), (3) Image Scan (imgscan.ocx), (4) Thumbnail Image (imgthumb.ocx), (5) Image Admin (imgadmin.ocx), (6) HHOpen (hhopen.ocx), (7) Registration Wizard (regwizc.dll), and (8) IE Active Setup (setupctl.dll) ActiveX controls....
8.1AI Score
0.013EPSS
Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites"...
6.8AI Score
0.037EPSS
Buffer overflow in the Eyedog ActiveX control allows a remote attacker to execute arbitrary...
8.3AI Score
0.002EPSS
The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side...
6.8AI Score
0.033EPSS
The Eyedog ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by...
8.4AI Score
0.029EPSS
Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as text inputs in a...
6.8AI Score
0.002EPSS
Internet Explorer 5.0 records the username and password for FTP servers in the URL history, which could allow (1) local users to read the information from another user's index.dat, or (2) people who are physically observing ("shoulder surfing") another user to read the information from the status.....
6.9AI Score
0.0005EPSS
The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by...
7.7AI Score
0.38EPSS
The Preloader ActiveX control used by Internet Explorer allows remote attackers to read arbitrary...
7.5AI Score
0.005EPSS
Buffer overflow in Internet Explorer 5 allows remote attackers to execute commands via a malformed Favorites...
8.3AI Score
0.004EPSS
Internet Explorer, with a security setting below Medium, allows remote attackers to execute arbitrary commands via a malicious web page that uses the FileSystemObject ActiveX...
8.5AI Score
0.004EPSS
Internet Explorer 5.0 does not properly reset the username/password cache for Web sites that do not use standard cache controls, which could allow users on the same system to access restricted web sites that were visited by other...
7.4AI Score
0.0004EPSS
The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary...
6.9AI Score
0.017EPSS
MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn information about a local user's files via an IMG SRC...
7AI Score
0.01EPSS
Internet Explorer 4.0 and 5.0 allows a remote attacker to execute security scripts in a different security context using malicious URLs, a variant of the "cross frame"...
7.8AI Score
0.012EPSS
Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet...
7.4AI Score
0.002EPSS
Internet Explorer 5.0 allows window spoofing, allowing a remote attacker to spoof a legitimate web site and capture information from the...
7.1AI Score
0.853EPSS
The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) the screen saver, which could leave the system open to users with physical access if a failure occurs during an unattended installation, and (2) the Task Scheduler Service, which might prevent the scheduled execution of...
7.1AI Score
0.001EPSS
Internet Explorer 4 allows remote attackers (malicious web site operators) to read the contents of the clipboard via the Internet WebBrowser ActiveX...
7.3AI Score
0.005EPSS
Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame...
7.4AI Score
0.026EPSS
Internet Explorer 4.01 allows remote attackers to read arbitrary files by pasting a file name into the file upload control, aka untrusted scripted...
7.5AI Score
0.032EPSS
Internet Explorer 4.0 and 4.01 allow a remote attacker to read files via IE's cross frame security, aka the "Cross Frame Navigate"...
7.3AI Score
0.005EPSS
Internet Explorer 4.0 allows remote attackers to cause a denial of service (crash) via HTML code that contains a long CLASSID parameter in an OBJECT...
7.6AI Score
0.182EPSS
A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript,...
7.4AI Score
0.001EPSS
7.7AI Score
0.003EPSS
Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource...
7.5AI Score
0.003EPSS
Internet Explorer 3 records a history of all URL's that are visited by a user in DAT files located in the Temporary Internet Files and History folders, which are not cleared when the user selects the "Clear History" option, and are not visible when the user browses the folders because of tailored.....
7.3AI Score
0.0005EPSS
JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs...
7.5AI Score
0.215EPSS
7.6AI Score
0.004EPSS
Internet Explorer 3.01 on Windows 95 allows remote malicious web sites to execute arbitrary commands via a .isp file, which is automatically downloaded and executed without prompting the...
8.3AI Score
0.002EPSS