Lucene search

K

15 matches found

CVE
CVE
added 2009/07/22 6:30 p.m.75 views

CVE-2009-2576

Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affe...

5CVSS6.4AI score0.30084EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.72 views

CVE-2000-0518

Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities.

2.6CVSS6.6AI score0.02187EPSS
CVE
CVE
added 2009/06/15 7:30 p.m.67 views

CVE-2009-2057

Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampe...

5.8CVSS7.1AI score0.11952EPSS
CVE
CVE
added 2000/03/22 5:0 a.m.50 views

CVE-2000-0162

The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability.

5.1CVSS6.8AI score0.01479EPSS
CVE
CVE
added 2006/04/29 10:2 a.m.50 views

CVE-2006-2094

Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers ...

5.1CVSS6.6AI score0.34906EPSS
CVE
CVE
added 2009/06/15 7:30 p.m.50 views

CVE-2009-2069

Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, ...

5.8CVSS6.5AI score0.02947EPSS
CVE
CVE
added 2000/06/02 4:0 a.m.49 views

CVE-2000-0329

A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability.

5.1CVSS7AI score0.08048EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.48 views

CVE-1999-0989

Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol.

7.5CVSS7.8AI score0.06211EPSS
CVE
CVE
added 2000/10/20 4:0 a.m.47 views

CVE-2000-0768

A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability.

2.6CVSS6.8AI score0.16317EPSS
CVE
CVE
added 2002/03/15 5:0 a.m.47 views

CVE-2001-1218

Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.

2.1CVSS6.8AI score0.00244EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.45 views

CVE-2000-0519

Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities.

2.6CVSS7AI score0.02187EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.44 views

CVE-1999-0839

Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled.

7.2CVSS7.1AI score0.00779EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.41 views

CVE-2002-0153

Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the "Local Applescript Invocation" vulnerability.

7.5CVSS6.9AI score0.42802EPSS
CVE
CVE
added 2007/09/12 8:17 p.m.41 views

CVE-2007-4848

Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file.

4.3CVSS6.4AI score0.2308EPSS
CVE
CVE
added 2006/08/08 11:4 p.m.38 views

CVE-2006-3451

Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors.

7.5CVSS7.5AI score0.64171EPSS