23 matches found
Microsoft Internet Explorer COM Object Instantiation Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a memory corruption vulnerability that is related to the instantiation of COM objects. COM objects may corrupt system memory and facilitate arbitrary code execution in the context of the currently logged in user on the affected computer...
Microsoft Internet Explorer COM Object Instantiation Buffer Overflow Vulnerability
Description Microsoft Internet Explorer is prone to a buffer-overflow vulnerability that is exposed when certain COM objects are instantiated as ActiveX controls. A malicious webpage could pass content to these objects to trigger memory corruption. Successful exploits could let remote attackers...
CVE-2001-0643
Affected software: Internet Explorer 5.5. Issue: CLSID not displayed when it appears at the end of a file name, enabling spoofing of file type and potentially deceiving users into executing a dangerous program. Impact: user may run unintended or unsafe code due to misleading file type indication....
CVE-2001-0724
CVE-2001-0724 relates to Internet Explorer 5.5 (and related IE versions) where malformed URLs containing dotless IP addresses can cause the browser to treat a page as if it were in the Intranet Zone, bypassing some security restrictions (zone spoofing). The vulnerability is the use of numeric IP ...
CVE-2002-0024
CVE-2002-0024 affects Internet Explorer 5.01, 5.5 and 6.0. The issue allows an attacker to abuse Content-Disposition and Content-Type HTML headers to alter how a downloaded file’s name is displayed, potentially deceiving users into opening unsafe files. Exploitation details are not provided in th...
Microsoft Windows XP/2000/NT 4.0 - Help Facility ActiveX Control Buffer Overflow
// source: https://www.securityfocus.com/bid/5874/info The ActiveX control that provides much of the functionality for the Windows Help Center contains an unchecked buffer. Successful exploitation could result in execution of arbitrary code in the security context of the current user. / By...
CVE-2002-0077
CVE-2002-0077 affects Microsoft Internet Explorer 5.01, 5.5 and 6.0. The vulnerability arises when objects invoked on HTML pages use CODEBASE/local object handling, causing the Local Computer zone to potentially execute local executables via certain objects (e.g., popup). This could allow remote ...
CVE-2002-0136
CVE-2002-0136 affects Microsoft Internet Explorer 5.5 on Windows 98. The vulnerability enables a remote web page to trigger a denial-of-service (hang) by sending extremely long values in form fields (INPUT/TEXTAREA) that can be auto-filled via JavaScript. The available sources describe the affect...
CVE-2000-0790
The web-based folder display capability in Microsoft Internet Explorer 5.5 on Windows 98 allows local users to insert Trojan horse programs by modifying the Folder.htt file and using the InvokeVerb method in the ShellDefView ActiveX control to specify a default execute option for the first file...
CVE-2001-0664
Summary (CVE-2001-0664 / CVE-2001-0724): Internet Explorer 5.01 and 5.5 are vulnerable to a zone-spoofing flaw where dotless IP addresses in URLs cause the page to be treated as Intranet Zone, bypassing some security restrictions. This can enable execution of scripts/ActiveX that would otherwise ...
CVE-2000-0790
The CVE-2000-0790 entry describes a local-in-the-IE5.5/Windows 98 scenario where modifying Folder.htt and invoking the default execute option via the ShellDefView ActiveX control could cause Trojan horses to be run for the first listed file. No explicit affected versions beyond IE 5.5 on Windows ...
CVE-2001-0875
CVE-2001-0875 affects Internet Explorer 5.01/5.5/6.0 where the file-download dialog can misrepresent the filename, potentially enabling remote code execution. OpenVAS details indicate the July 2004 IE Cumulative Patch (MS05-020) mitigates this, but it is not applied on the remote host in one list...
CVE-2001-0904
CVE-2001-0904 concerns Internet Explorer versions 5.5 and 6, where the MS01-055 (Q312461) patch modifies the HTTP_USER_AGENT string to indicate that the patch is installed. This behavior can enable remote malicious websites to more easily identify vulnerable clients. The provided records describe...
CVE-2001-0643
Internet Explorer 5.5 does not display the Class ID CLSID when it is at the end of the file name, which could allow attackers to trick the user into executing dangerous programs by making it appear that the document is of a safe file type...
CVE-2001-0338
The CVE-2001-0338 entry corresponds to Internet Explorer 5.5 and earlier failing to properly validate digital certificates when Certificate Revocation List (CRL) checking is enabled. The underlying issue is that, during CRL checking, IE does not consistently perform essential validity checks (e.g...
CVE-2001-0339
Summary: CVE-2001-0339 corresponds to a Web page spoofing vulnerability in Internet Explorer 5.5 and earlier, where the address bar could display a URL different from the actual page, enabling phishing-type spoofing. The connected OpenVAS entries reference Internet Explorer patches (e.g., 890923/...
CVE-2001-0338
Internet Explorer 5.5 and earlier does not properly validate digital certificates when Certificate Revocation List CRL checking is enabled, which could allow remote attackers to spoof trusted web sites, aka the "Server certificate validation vulnerability."...
CVE-2001-0246
CVE-2001-0246 affects Internet Explorer 5.5 and earlier. The vulnerability arises from improper verification of the domain of a frame within a browser window, enabling remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different...
CVE-2001-0154
CVE-2001-0154 affects Microsoft Internet Explorer 5.5 and earlier when rendering HTML and processing MIME parts. The vulnerability arises from a MIME handling table that can cause the browser to execute an embedded attachment if a malicious MIME type is set, without user confirmation. This can al...
CVE-2001-0089
CVE-2001-0089 affects Internet Explorer 5.0–5.5. The vulnerability allows a remote attacker to read arbitrary files from the client through an HTML form using an INPUT TYPE element, known as the “File Upload via Form” issue. The provided documents do not specify payloads, affected configurations ...