1305 matches found
CVE-2001-1219
The vulnerability affects Microsoft Internet Explorer 6.0 and earlier , where a malicious page can cause a denial‑of‑service by repeatedly refreshing the window via self.location, potentially crashing the client. The provided documents identify the basic behavior but do not specify vendor patches...
CVE-2002-0057
XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source...
IE fails to check certificates properly if initial SSL connection originates in an IFRAME or Image
Overview Several flaws exist in Microsoft Internet Explorer that could allow an attacker to masquerade as a legitimate web site if the attacker can compromise the validity of certain DNS information. These problems are different from the problems reported in CERT Advisory CA-2000-05 and CERT...
CVE-1999-1474
CVE-1999-1474 concerns PowerPoint 95 and 97 where opening a document in a browser (e.g., Internet Explorer) could trigger an automatic execution of an application without user prompting. The available sources describe that remote attackers could cause an application to run automatically via the s...
CVE-2001-0150
Affected software: Internet Explorer 5.5 and earlier running on Windows, when used with the Telnet client provided by Services for Unix (SFU) 2.0. Vulnerability: IE can invoke Telnet with unsafe command-line arguments supplied by a web page, enabling remote attackers to cause arbitrary command ex...
CVE-2000-0982
Consolidated details: The CVE affects Internet Explorer prior to version 5.5, where cached credentials for a secure site could be forwarded to insecure pages on the same site. This exposure could let remote attackers obtain credentials by monitoring connections to the web server. Root cause is th...
IE 5.x/Outlook allows executing arbitrary programs using .chm files and temporary internet files folder
Georgi Guninski security advisory 28, 2000 IE 5.x/Outlook allows executing arbitrary programs using .chm files and temporary internet files folder Systems affected: IE 5.x/Outlook/Outlook Express - probably other versions, have not tested Risk: High Date: 20 October 2000 Legal Notice: This Adviso...
guninski27.txt
Georgi Guninski security advisory 27, 2000 IE 5.x Win2000 Indexing service vulnerability Systems affected: IE 5.x/Outlook/Outlook Express - Windows 2000 with Indexing service started Risk: Medium Date: 10 November 2000 Legal Notice: This Advisory is Copyright c 2000 Georgi Guninski. You may...
IE 5.5/Outlook java security vulnerability - reading arbitrary local files and URLs
Georgi Guninski security advisory 24, 2000 IE 5.5/Outlook java security vulnerability - reading arbitrary local files and URLs Systems affected: IE 5.5/Outlook/Outlook Express - probably other versions, have not tested Risk: High Date: 18 October 2000 Legal Notice: This Advisory is Copyright c 20...
CVE-2000-0518
This CVE concerns Internet Explorer 4.x/5.x where SSL certificate validation is incomplete when the connection is initiated via an image or an iframe. The underlying issue is that IE verifies only that the certificate was issued by a trusted root, but does not confirm the server name or the certi...
CVE-2000-0597
The CVE-2000-0597 entry concerns Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97. The vulnerability arises because these products are marked as safe for scripting, enabling a remote attacker to coax Internet Explorer or some email clients to save files to arbitrary locations via th...
IE 5.5/Outlook security vulnerability - com.ms.activeX.ActiveXComponent allows executing arbitrary programs
Georgi Guninski security advisory 23, 2000 IE 5.5/Outlook security vulnerability - com.ms.activeX.ActiveXComponent allows executing arbitrary programs Systems affected: IE 5.5/Outlook/Outlook Express - probably other versions, have not tested Risk: High Date: 5 October 2000 Legal Notice: This...
IE 5.5/Outlook Express security vulnerability - GetObject() expose user's files
Georgi Guninski security advisory 22, 2000 IE 5.5/Outlook Express security vulnerability - GetObject expose user's files Systems affected: IE 5.5, Outlook Express,probably Outlook - Win98/2000. Probably other versions - have not tested. Risk: High Date: 26 September 2000 Legal Notice: This Adviso...
ie5-msn.exec.txt
This is a multi-part message in MIME format. --------------CEF2E6A38C7BDB5B012ADFB8 Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 7bit Georgi Guninski security advisory 18, 2000 IE 5.5/5.x for Win98 may execute arbitrary files that can be accessed thru Microsoft Networking...
IE 5.5 and 5.01 vulnerability - reading at least local and from any host text and parsed html files
Georgi Guninski security advisory 16, 2000 IE 5.5 and 5.01 vulnerability - reading at least local and from any host text and parsed html files Systems affected: IE 5.5, 5.01 / Win98 - probably other versions, have not tested Risk: Medium Disclaimer: The opinions expressed in this advisory and...
ie5-excel-powerpoint.txt
Georgi Guninski security advisory 13, 2000 IE 5 and Excel 2000, PowerPoint 2000 vulnerability - executing programs Systems affected: IE 5.01, Excel 2000, PowerPoint 2000, Win98 - probably other versions, have not tested Risk: High Disclaimer: The opinions expressed in this advisory and program ar...
ie5-access2000.txt
Georgi Guninski security advisory 14, 2000 IE 5 and Access 2000 vulnerability - executing programs Systems affected: IE 5.01, Access 2000, Win98 - probably other versions, have not tested Risk: High Disclaimer: The opinions expressed in this advisory and program are my own and not of any company...
Win 2000 & IE 'shell://' problem?
I found that IE 5 running Win 2000 accepts "shell://" as a legal protocol, and when any URL ie "shell://localhost" or just "shell://" is loaded IE crashes and brings explorer.exe down with it. I think this would cause a user who didnt know much to think that Win 2000 had crashed of course killing...
CVE-2000-0162
Technical details (affected product/version, exploitability, and mitigations) are not publicly available in the provided documents. Monitor for updates from official advisories to confirm impact and remediation guidance.
CVE-1999-0488
CVE-1999-0488 affects Internet Explorer 4.0 and 5.0. The vulnerability is a variant of the “cross frame” issue that allows a remote attacker to execute security scripts in a different security context via malicious URLs. The description indicates this is a remote code execution-style weakness thr...