CVE-2003-1484

Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service crash by creating a DHTML link that uses the AnchorClick "A" object with a blank href attribute...

DHTML Edit Control for IE5 allows local files to be uploaded to web server

Overview A vulnerability exists in the DHTML Edit Control for IE5 that allows arbitrary local files to be uploaded to a web server. Description DHTML Edit is an activex control that is marked safe-for-scripting. This control can be embedded in a website, and permit local files to be remotely...

CVE-1999-1472

This CVE (CVE-1999-1472) affects Internet Explorer 4.0. The vulnerability allows a remote attacker to read arbitrary text and HTML files on the user’s machine by delivering a small IFRAME that uses Dynamic HTML (DHTML) to exfiltrate data (the Freiburg text-viewing issue). The connected records co...

CVE-2000-0662

The CVE-2000-0662 entry describes a vulnerability in Internet Explorer 5.x and Microsoft Outlook where remote attackers can read arbitrary files by redirecting the contents of an IFRAME via the DHTML Edit Control (DHTMLED). The root cause is tied to the DHTMLED component handling dynamic HTML/IFR...

CVE-2000-0662

Internet Explorer 5.x and Microsoft Outlook allows remote attackers to read arbitrary files by redirecting the contents of an IFRAME using the DHTML Edit Control DHTMLED...

CVE-2000-0662

Internet Explorer 5.x and Microsoft Outlook allows remote attackers to read arbitrary files by redirecting the contents of an IFRAME using the DHTML Edit Control DHTMLED...

IE5_vuln.txt

After hearing of some confusion regarding this vulnerability I thought it might be useful to post the description from our SF database to the list. This was written up by Eric Schultze and myself, and we would like to thank Georgi Guninski, Steve Lipner, and David LeBlanc for their help. Thanks...

CVE-1999-0487

The vulnerability CVE-1999-0487 affects the DHTML Edit ActiveX control (dhtmled.ocx) used by Internet Explorer. The control can read arbitrary local files, enabling an attacker to exfiltrate data through the browser. Concrete details confirm affected software and root cause: Internet Explorer wit...

CVE-1999-0487

The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files...

Microsoft Internet Explorer 5 - Download Behaviour

Microsoft Internet Explorer 5 - Download Behaviour Microsoft Internet Explorer 5.0 for Windows 95/Windows 98/Windows NT 4 Download Behavior Vulnerability source: https://www.securityfocus.com/bid/674/info The "download behavior" feature of Microsoft's Internet Explorer 5 may allow a malicious web...

Microsoft Internet Explorer 5 - Download Behaviour

Microsoft Internet Explorer 5.0 for Windows 95/Windows 98/Windows NT 4 Download Behavior Vulnerability source: https://www.securityfocus.com/bid/674/info The "download behavior" feature of Microsoft's Internet Explorer 5 may allow a malicious web site operator to read files on an IE5 client...

msie.5.dhtml.cuartango.txt

Date: Wed, 24 Mar 1999 12:11:09 +0100 From: Juan Carlos Garcia Cuartango To: [email protected] Subject: IE 5 security vulnerabilities Greetings, Microsoft delivers with IE 5 an Active X control called "DHTML Edit control Safe for Scripting for IE 5". In my opinion this control IS N...

msie.fixes.4.99.txt

Date: Wed, 21 Apr 1999 18:13:39 -0700 From: [email protected] To: [email protected] Subject: Microsoft Security Bulletin MS99-011 The following is a Security Bulletin from the Microsoft Product Security Notification Service. Please do not reply to this message, as it was sent from an...

CVE-1999-0487

The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files...

Microsoft Internet Explorer 45 - DHTML Edit ActiveX Control File Stealing Cross Frame Access

Microsoft Internet Explorer 45 - DHTML Edit ActiveX Control File Stealing Cross Frame Access source: https://www.securityfocus.com/bid/116/info Vulnerabilities in an ActiveX control distributed with Internet Explorer 5 and available for Internet Explorer 4 allow malicous web sites to steal local...

Microsoft Internet Explorer 4/5 - DHTML Edit ActiveX Control File Stealing / Cross Frame Access

source: https://www.securityfocus.com/bid/116/info Vulnerabilities in an ActiveX control distributed with Internet Explorer 5 and available for Internet Explorer 4 allow malicous web sites to steal local files and to bypass cross-frame security rules. The DHTML Edit Control Safe for Scripting...