Lucene search
K

200 matches found

CVE
CVE
added 2005/08/10 4:0 a.m.143 views

CVE-2005-1988

The CVE-2005-1988 entry describes a remote code execution vulnerability in Microsoft Internet Explorer (versions 5.0, 5.5, and 6.0) caused by memory corruption in the JPEG image rendering component. A crafted JPEG image (delivered via a malicious webpage or HTML email) could trigger a buffer over...

5.1CVSS7.3AI score0.45597EPSS
CVE
CVE
added 2006/07/19 11:0 p.m.127 views

CVE-2006-3730

CVE-2006-3730 describes an integer overflow in the WebViewFolderIcon ActiveX control (webvw.dll) setSlice method, exploitable by remote attackers to crash or execute arbitrary code in Internet Explorer 6 on Windows XP SP2. Public details show MS06-057 as the fix; mitigations include applying the ...

9.3CVSS7.6AI score0.63817EPSS
CVE
CVE
added 2006/06/07 4:0 p.m.120 views

CVE-2006-2900

CVE-2006-2900 concerns Internet Explorer 6 and an information-disclosure issue where a user-assisted attacker could cause file content disclosure by manipulating focus via OnKeyDown/OnKeyPress/OnKeyUp events and inserting characters into a file upload control. The core vector is a keystroke hijac...

4CVSS6.5AI score0.1261EPSS
CVE
CVE
added 2009/04/15 3:49 a.m.114 views

CVE-2009-0550

CVE-2009-0550 impacts Windows HTTP Services (WinHTTP) and WinINet used by Internet Explorer, on Windows 2000 SP4, XP SP2/SP3, Server 2003, Vista, and Server 2008; the vulnerability allows an attacker-controlled remote web server to capture NTLM credentials and replay them, and to execute arbitrar...

9.3CVSS6.9AI score0.11749EPSS
CVE
CVE
added 2004/12/10 5:0 a.m.105 views

CVE-2004-1166

CVE-2004-1166 describes a CRLF injection vulnerability in Internet Explorer 6.0.2800.1106 and earlier where an ftp:// URL containing a URL-encoded newline ("%0a") before the FTP command can cause the FTP commands to be injected into the session (e.g., via PORT). The connected MS06-042 bulletin do...

7.5CVSS7.7AI score0.39165EPSS
CVE
CVE
added 2007/03/30 12:0 a.m.100 views

CVE-2007-1765

CVE-2007-1765 refers to a remote code execution/DoS vulnerability in Microsoft Windows (Windows 2000 SP4 through Vista) via a malformed ANI file that corrupts memory while processing cursors/animated cursors/icons in LoadAniIcon() of USER32.dll. Connected sources identify this as MS07-017 (RIFF/A...

9.3CVSS7.7AI score0.54326EPSS
CVE
CVE
added 2006/03/23 12:0 a.m.97 views

CVE-2006-1359

CVE-2006-1359 affects Microsoft Internet Explorer 6/7 Beta 2 and relates to a vulnerability in createTextRange() on checkbox objects, which can lead to remote denial of service and potentially arbitrary code execution via dereferencing an invalid table pointer. Multiple sources tie this to MS06-0...

9.3CVSS7.3AI score0.68068EPSS
CVE
CVE
added 2007/01/09 11:0 p.m.97 views

CVE-2007-0024

CVE-2007-0024 is the Internet Explorer VML buffer overrun in vgx.dll. The vulnerability affects IE 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1, where crafted VML in a web page can trigger an integer/memory handling flaw that enables remote code execution. Public w...

9.3CVSS7.6AI score0.46488EPSS
CVE
CVE
added 2003/06/06 4:0 a.m.94 views

CVE-2003-0344

Microsoft Internet Explorer 5.01, 5.5 and 6.0 are affected by a buffer overflow in the OBJECT element Type attribute, allowing remote code execution via crafted HTML. The issue (CVE-2003-0344) is a known variant related to double-byte language support and has been publicly discussed in MS03-020/M...

7.5CVSS7.9AI score0.81307EPSS
CVE
CVE
added 2004/11/18 5:0 a.m.94 views

CVE-2004-1050

CVE-2004-1050 affects Internet Explorer 6. A heap-based buffer overflow occurs when parsing long NAME or SRC attributes in IFRAME/FRAME/EMBED elements, allowing remote code execution. Exploitation typically involves loading a crafted page; CVSS notes high risk (network exploit, no user interactio...

10CVSS7.8AI score0.67061EPSS
CVE
CVE
added 2005/04/13 4:0 a.m.91 views

CVE-2005-0553

The CVE-2005-0553 issue is a race condition in the DHTML object processor of Internet Explorer (IE) versions 5.01, 5.5, and 6 that can enable remote code execution when a user visits a crafted web page or HTML email. The root cause involves race conditions in processing of DHTML objects (e.g., Co...

5.1CVSS7.6AI score0.50604EPSS
CVE
CVE
added 2004/09/14 4:0 a.m.90 views

CVE-2004-0842

The CVE-2004-0842 issue affects Internet Explorer 6.0 SP1 and earlier (Windows platforms) and is caused by an unchecked buffer in CSS parsing that can trigger heap memory corruption via crafted CSS (for example, the “@;/*”” sequence). Successful exploitation could lead to remote code execution or...

7.5CVSS7.6AI score0.56607EPSS
CVE
CVE
added 2004/07/14 4:0 a.m.89 views

CVE-2004-0212

CVE-2004-0212 describes a stack-based buffer overflow in the Windows Task Scheduler (mstask) that affects Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0. The vulnerability occurs in how Task Scheduler handles long parameters in .job files, allowing a remote or local attacker to ex...

10CVSS7.7AI score0.66952EPSS
CVE
CVE
added 2007/12/12 12:0 a.m.88 views

CVE-2007-3902

CVE-2007-3902 is a use-after-free/ memory corruption vulnerability in Microsoft Internet Explorer 5.01–7, caused by the CRecalcProperty function in mshtml.dll. Attackers could trigger arbitrary code execution by calling the setExpression method and then modifying an element’s outerHTML, leading t...

9.3CVSS7.1AI score0.35508EPSS
CVE
CVE
added 2009/07/22 6:0 p.m.86 views

CVE-2009-2576

CVE-2009-2576 refers to a Denial of Service in Microsoft Internet Explorer (IE) where a long Unicode string passed to the write method can consume CPU/memory. The OpenVAS entry OpenVAS:900400 explicitly links CVE-2009-2576 to IE Unicode String DoS and lists a base CVSS v2 score of 5.0 (AV:N/AC:L/...

5CVSS6.4AI score0.14884EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.85 views

CVE-2000-0518

This CVE concerns Internet Explorer 4.x/5.x where SSL certificate validation is incomplete when the connection is initiated via an image or an iframe. The underlying issue is that IE verifies only that the certificate was issued by a trusted root, but does not confirm the server name or the certi...

2.6CVSS6.6AI score0.04835EPSS
CVE
CVE
added 2007/03/17 10:0 a.m.85 views

CVE-2007-1499

CVE-2007-1499 affects Microsoft Internet Explorer 7.0 on Windows XP and Windows Vista. It describes a Navigation Cancel Page spoofing vulnerability: when navigation is canceled, IE uses a local res://navcancl.htm resource and inserts the user-supplied URL into the page, which can cause a crafted ...

4.3CVSS7.2AI score0.2978EPSS
CVE
CVE
added 2009/06/15 7:0 p.m.84 views

CVE-2009-2057

Microsoft Internet Explorer prior to version 8 is described as vulnerable to an SSL-tampering style attack where the HTTP Host header is used to determine the document context in a 4xx or 5xx CONNECT response from a proxy. This allows a man-in-the-middle attacker to modify the CONNECT response an...

5.8CVSS7.1AI score0.03027EPSS
CVE
CVE
added 2004/09/14 4:0 a.m.83 views

CVE-2004-0841

The CVE-2004-0841 entry corresponds to Internet Explorer 6.x vulnerability commonly called Script in Image Tag File Download (also HijackClick 3). The connected advisories describe this as an IE vulnerability that allows a remote attacker to escalate privileges by abusing script execution in imag...

5CVSS7.5AI score0.48733EPSS
CVE
CVE
added 2004/09/24 4:0 a.m.83 views

CVE-2004-0867

CVE-2004-0867 affects Mozilla Firefox 0.9.2 by allowing websites to set cookies for country-specific top‑level domains (e.g., .ltd.uk, .plc.uk, .sch.uk), which could enable a session‑fixation attack and session hijack. The note indicates 2.x may also be affected. Technical details in the provided...

7.5CVSS6.9AI score0.17183EPSS
CVE
CVE
added 2003/08/22 4:0 a.m.80 views

CVE-2003-0701

CVE-2003-0701 describes a buffer overflow in Internet Explorer 6 SP1 for languages using double-byte encodings (e.g., Japanese) that can allow remote code execution via the Type property of an OBJECT tag. The root cause is a vulnerability in how IE handles the OBJECT element’s Type attribute, ena...

7.5CVSS7.8AI score0.30071EPSS
CVE
CVE
added 2005/02/08 5:0 a.m.78 views

CVE-2005-0053

Summary of CAN-2005-0053 (CVE-2005-0053) : In Internet Explorer 5.01, 5.5, and 6, drag-and-drop events can be exploited to write arbitrary files or execute code on the local system via malicious drag-and-drop content. Microsoft’s fix is delivered in two security updates: MS05-014 (CVE CAN-2005-00...

7.5CVSS7.6AI score0.6349EPSS
CVE
CVE
added 2007/12/12 12:0 a.m.78 views

CVE-2007-3903

CVE-2007-3903 refers to a memory corruption vulnerability in Microsoft Internet Explorer (mshtml.dll) affecting IE6/IE7, caused by unexpected calls to HTML objects (cloneNode/nodeValue) leading to remote arbitrary code execution. OpenVAS/CP advisories link this family to MS07-069 and describe it ...

6.8CVSS7.3AI score0.31275EPSS
CVE
CVE
added 2004/01/14 5:0 a.m.77 views

CVE-2003-0816

CVE-2003-0816 applies to Internet Explorer 6 SP1 and earlier and is the Script URLs Cross Domain vulnerability (CAN-2003-0816). It allows a remote attacker to bypass IE’s cross-domain security by abusing scripted navigation and framing techniques (NavigateAndFind with file:JavaScript URLs, window...

7.5CVSS7.6AI score0.48374EPSS
CVE
CVE
added 2004/10/16 4:0 a.m.77 views

CVE-2004-0843

CVE-2004-0843 is a Plug-in Navigation Address Bar Spoofing vulnerability in Internet Explorer (IE 5.01/5.5/6 families). A remote attacker could cause the address bar to show a URL different from the loaded page via plug‑ins, enabling phishing-like deception. The connected OpenVAS entries confirm ...

5CVSS7.6AI score0.33792EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.76 views

CVE-2002-0152

The CVE-2002-0152 entry concerns a buffer overflow in Macintosh builds of several Microsoft applications. The vulnerability is triggered by the file:// directive when a large number of slashes (/) is supplied, allowing remote attackers to crash the affected applications or potentially execute arb...

7.5CVSS8.3AI score0.1737EPSS
CVE
CVE
added 2004/01/08 5:0 a.m.76 views

CVE-2003-1026

CVE-2003-1026 affects Internet Explorer 5.01–6.0 (Travel Log cross-domain vulnerability). A crafted script URL stored in the travel log/subframes could bypass zone restrictions and execute in the top window’s zone when history.back is invoked, potentially allowing access to cross-domain data and ...

9.3CVSS7.5AI score0.39211EPSS
CVE
CVE
added 2005/02/13 5:0 a.m.76 views

CVE-2004-0866

CVE-2004-0866 involves Internet Explorer 6.0. The vulnerability allows websites to set cookies for country‑specific top‑level domains (e.g., .ltd.uk, .plc.uk, .sch.uk), which could enable a remote attacker to perform a session fixation attack and hijack a user’s HTTP session. The provided documen...

7.5CVSS6.9AI score0.10075EPSS
CVE
CVE
added 2006/06/13 7:0 p.m.76 views

CVE-2006-1303

The CVE-2006-1303 issue affects Microsoft Internet Explorer 5.01 SP4 and IE 6 SP1 (and earlier) via remote instantiation of certain COM objects not meant for IE, notably several DXImageTransform.Microsoft.* ActiveX controls (MMSpecialEffect1Input, MMSpecialEffect1Input.1, MMSpecialEffect2Inputs, ...

9.3CVSS7.7AI score0.38125EPSS
CVE
CVE
added 2006/08/18 7:0 p.m.76 views

CVE-2006-4219

The CVE-2006-4219 entry concerns the Terminal Services COM object tsuserex.dll. Affected component: tsuserex.dll (ActiveX object) invoked by Internet Explorer 6.0 SP1 on Windows 2003 EE SP1 CN. Root cause/impact: remote attackers could crash the system and possibly execute arbitrary code by insta...

7.5CVSS7.7AI score0.20994EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.75 views

CVE-2003-1326

Microsoft Internet Explorer 5.5 and 6.0 are affected by CVE-2003-1326, which enables remote attackers to bypass cross-domain security and execute script or arbitrary code via dialog boxes. The issue centers on improper handling of dialog frames and the dialogArguments mechanism, enabling cross-do...

7.5CVSS7.6AI score0.16333EPSS
CVE
CVE
added 2007/05/08 11:0 p.m.74 views

CVE-2007-0944

CVE-2007-0944 is an Uninitialized Memory Corruption Vulnerability in Internet Explorer (CTableCol::OnPropertyChange) where an attacker can trigger arbitrary code execution by calling deleteCell on a named row/column, then accessing the column. Affected do include IE 5.01 SP4 on Windows 2000 SP4; ...

9.3CVSS7.3AI score0.35074EPSS
CVE
CVE
added 2004/06/08 4:0 a.m.73 views

CVE-2004-0526

Unknown versions of Internet Explorer and Outlook are affected by a phishing-related vulnerability that allows remote attackers to spoof a legitimate URL in the status bar. The issue arises from crafting A HREF tags with modified alt values pointing to the legitimate site, combined with an image ...

5CVSS7AI score0.17249EPSS
CVE
CVE
added 2005/08/10 4:0 a.m.73 views

CVE-2005-1990

CVE-2005-1990 affects Internet Explorer 5.0, 5.5, and 6.0. The vulnerability arises from improper instantiation of certain COM objects as ActiveX controls, causing a buffer/memory corruption in the host process and potentially enabling command execution or a crash. Affected components include a s...

5.1CVSS7.6AI score0.48513EPSS
CVE
CVE
added 2008/04/08 11:0 p.m.73 views

CVE-2008-1085

CVE-2008-1085 is corroborated by connected docs as a remote code execution risk in Internet Explorer across multiple versions and Windows releases, addressed by MS08-024 (Cumulative Security Update for IE). The MSKB KB947864 summary notes that this update resolves vulnerabilities that could allow...

9.3CVSS7.2AI score0.31932EPSS
CVE
CVE
added 2009/04/15 3:49 a.m.73 views

CVE-2009-0552

CVE-2009-0552 describes a remote-code-execution vulnerability in Microsoft Internet Explorer involving a memory corruption flaw in history.go when accessing an uninitialized or deleted object. The issue affects IE 5.01 SP4, IE 6 SP1, IE 6 on Windows XP SP2/SP3, and IE 6 on Windows Server 2003 SP1...

9.3CVSS7.5AI score0.28588EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.72 views

CVE-1999-0827

The CVE affects Internet Explorer 5.0 (and other versions) where the default setting for the option “Navigate sub-frames across different domains” is enabled, enabling frame spoofing. Root cause: the feature is on by default, allowing sub-frame navigation across domains and exposing partial confi...

2.6CVSS7AI score0.04685EPSS
CVE
CVE
added 2004/10/26 4:0 a.m.72 views

CVE-2004-0985

CVE-2004-0985 is linked to the Drag-and-Drop Vulnerability in Internet Explorer (IE6) and is addressed by Microsoft’s MS05-014/MS05-008 security updates. The connected documents describe a privilege-elevation/remote code execution scenario in IE6 via drag‑and‑drop handling, which could allow savi...

10CVSS7.2AI score0.20239EPSS
CVE
CVE
added 2006/09/06 12:0 a.m.72 views

CVE-2006-4560

CVE-2006-4560 affects Internet Explorer 6 on Windows XP SP2. The flaw enables remote attackers to make the browser drop DNS pinning and perform a new DNS query for a domain controlled by the attacker, by hosting script on an Internet server that an intranet server can be made inaccessible to and ...

7.5CVSS7.2AI score0.18259EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.70 views

CVE-2002-1186

CVE-2002-1186 affects Microsoft Internet Explorer versions 5.01 through 6.0. The vulnerability arises because IE does not properly perform security checks on certain encoded characters within a URL, enabling a remote attacker to steal potentially sensitive information by redirecting the user to a...

5CVSS6.1AI score0.19121EPSS
CVE
CVE
added 2004/01/14 5:0 a.m.70 views

CVE-2003-0823

CVE-2003-0823 describes a drag-and-drop hijack in Internet Explorer 6 SP1 and earlier, where invoking window.moveBy could direct drag-and-drop actions to other windows, enabling remote control of user actions. The vulnerability is cited as a variant exploited by other browsers as well (e.g., CVE-...

7.5CVSS7.5AI score0.26001EPSS
CVE
CVE
added 2004/05/20 4:0 a.m.70 views

CVE-2004-0475

CVE-2004-0475 concerns Internet Explorer 6 on Windows XP Professional, where the showHelp function can be abused to load local CHM files via a crafted ms-its URL, enabling remote attackers to cause arbitrary local code execution. The vulnerability is triggered by a double backslash sequence befor...

5.1CVSS7.2AI score0.10026EPSS
CVE
CVE
added 2005/01/06 5:0 a.m.70 views

CVE-2004-1331

Microsoft Internet Explorer 6.0 SP2 contains a vulnerability in the execCommand API where a SaveAs operation can bypass the File Download - Security Warning dialog, allowing remote attackers to save arbitrary files with arbitrary extensions on the target system. The CPAI advisory describes exploi...

2.6CVSS6.7AI score0.19468EPSS
CVE
CVE
added 2005/02/08 5:0 a.m.70 views

CVE-2005-0056

CVE-2005-0056 affects Internet Explorer (Windows 2000/XP/Server 2003) via a cross-domain vulnerability in Channel Definition Format (CDF) file URL validation. A malicious web page could trigger information disclosure or remote code execution by exploiting the IE cross-domain security model, poten...

5.1CVSS7AI score0.28331EPSS
CVE
CVE
added 2007/02/13 10:0 p.m.70 views

CVE-2007-0217

The CVE-2007-0217 issue affects Microsoft Internet Explorer’s wininet.dll FTP client parsing of FTP server responses. A null-termination error when handling FTP replies can overwrite heap memory, enabling remote code execution. Public sources (MS07-016, CPAI-2007-030) confirm IE/WinINet memory-co...

10CVSS7.2AI score0.60813EPSS
CVE
CVE
added 2007/12/12 12:0 a.m.70 views

CVE-2007-5344

CVE-2007-5344 affects Microsoft Internet Explorer 5.01–7 via mshtml.dll, where the CRecalcProperty/setExpression sequence enables remote arbitrary code execution through heap corruption of uninitialized/removed objects. Public sources in connected docs confirm a memory-corruption chain tied to se...

6.8CVSS7.3AI score0.27483EPSS
CVE
CVE
added 2007/02/26 11:0 p.m.69 views

CVE-2007-1114

The CVE-2007-1114 entry describes a cross-site scripting issue in Microsoft Internet Explorer 7 where child frames inherit the page charset from the parent when the Content-Type header or META tag lacks a charset. This can enable XSS, demonstrated with UTF-7. The vulnerability affects how IE7 han...

4.3CVSS5.7AI score0.1161EPSS
CVE
CVE
added 2005/08/10 4:0 a.m.68 views

CVE-2005-1989

CVE-2005-1989 is part of a set of Internet Explorer flaws affecting IE 5.0/5.5/6.0 via Web Folder Behaviors Cross‑Domain Vulnerability (CAN-2005-1989) and related issues (CAN-2005-1988 JPEG Rendering; CAN-2005-1990 COM Object Instantiation). The connected records confirm a cross‑domain informatio...

7.5CVSS6.7AI score0.45679EPSS
CVE
CVE
added 2003/04/26 4:0 a.m.67 views

CVE-2003-0113

CVE-2003-0113 concerns Microsoft Internet Explorer 5.01, 5.5 and 6.0. The issue is a buffer overflow in URLMON.DLL that can be triggered by an HTTP response containing abnormally long values in the Content-Type and Content-Encoding headers. Successful exploitation could allow an attacker to execu...

7.5CVSS8.1AI score0.39367EPSS
CVE
CVE
added 2003/10/08 4:0 a.m.67 views

CVE-2003-0809

Microsoft Internet Explorer 5.01–6.0 is affected by CVE-2003-0809 due to improper handling of object tags returned from a Web server during XML data binding, enabling remote code execution via HTML email or web pages. Affected software: IE 5.01–6.0. Root cause: object/HTML data binding issue in I...

7.5CVSS8AI score0.2667EPSS
Total number of security vulnerabilities200