Lucene search

K

44 matches found

CVE
CVE
added 2005/08/10 4:0 a.m.126 views

CVE-2005-1988

Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability".

5.1CVSS7.3AI score0.83438EPSS
CVE
CVE
added 2006/06/07 4:2 p.m.108 views

CVE-2006-2900

Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inse...

4CVSS6.5AI score0.17504EPSS
CVE
CVE
added 2009/07/22 6:30 p.m.75 views

CVE-2009-2576

Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affe...

5CVSS6.4AI score0.30084EPSS
CVE
CVE
added 2005/08/10 4:0 a.m.60 views

CVE-2005-1990

Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm...

5.1CVSS7.6AI score0.82179EPSS
CVE
CVE
added 2004/11/03 5:0 a.m.57 views

CVE-2004-0843

Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."

5CVSS7.6AI score0.28522EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.57 views

CVE-2005-0056

Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."

5.1CVSS7AI score0.32535EPSS
CVE
CVE
added 2008/04/08 11:5 p.m.55 views

CVE-2008-1085

Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption, as demonstrated using an invalid MIME-type that does not have a registered handler.

9.3CVSS7.2AI score0.4438EPSS
CVE
CVE
added 2005/08/10 4:0 a.m.53 views

CVE-2005-1989

Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka "Web Folder Behaviors Cross-Domain Vulnerability".

7.5CVSS6.7AI score0.62784EPSS
CVE
CVE
added 2006/02/18 2:2 a.m.52 views

CVE-2006-0753

Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status.

2.6CVSS6.5AI score0.16941EPSS
CVE
CVE
added 2006/04/11 11:2 p.m.51 views

CVE-2006-1192

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerabi...

2.6CVSS6.2AI score0.53049EPSS
CVE
CVE
added 2006/04/11 11:2 p.m.50 views

CVE-2006-1185

Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption.

7.5CVSS7.3AI score0.63986EPSS
CVE
CVE
added 2006/04/11 11:2 p.m.50 views

CVE-2006-1719

Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via any scrollbar Cascading Style Sheets (CSS) property.

5CVSS6.6AI score0.19067EPSS
CVE
CVE
added 2006/09/06 12:4 a.m.50 views

CVE-2006-4560

Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the...

7.5CVSS7.2AI score0.22004EPSS
CVE
CVE
added 2005/06/21 4:0 a.m.49 views

CVE-2001-1489

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.

5CVSS7AI score0.13452EPSS
CVE
CVE
added 2004/11/03 5:0 a.m.49 views

CVE-2004-0844

Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Double Byte Character Set Systems Vulnerability."

5CVSS7.5AI score0.53434EPSS
CVE
CVE
added 2006/07/06 1:5 a.m.49 views

CVE-2006-3354

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference.

5CVSS7AI score0.41065EPSS
CVE
CVE
added 2006/07/31 11:4 p.m.49 views

CVE-2006-3944

Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers ...

5CVSS7.2AI score0.43175EPSS
CVE
CVE
added 2007/03/02 9:18 p.m.49 views

CVE-2006-7065

Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference.

5CVSS7AI score0.17741EPSS
CVE
CVE
added 2004/11/03 5:0 a.m.48 views

CVE-2004-0216

Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-bas...

10CVSS8AI score0.48486EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.48 views

CVE-2005-0054

Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding ...

5.1CVSS7.5AI score0.38328EPSS
CVE
CVE
added 2006/04/11 11:2 p.m.48 views

CVE-2006-1188

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption.

7.5CVSS7.2AI score0.63986EPSS
CVE
CVE
added 2006/07/18 3:47 p.m.48 views

CVE-2006-3657

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (stack overflow exception) via a DXImageTransform.Microsoft.Gradient ActiveX object with a long (1) StartColorStr or (2) EndColorStr property.

5CVSS7.2AI score0.30174EPSS
CVE
CVE
added 2005/02/13 5:0 a.m.47 views

CVE-2004-0869

Internet Explorer does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection....

5CVSS6.6AI score0.1568EPSS
CVE
CVE
added 2006/07/18 3:47 p.m.46 views

CVE-2006-3659

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the location or URL property of a MHTMLFile ActiveX object.

5CVSS7AI score0.30441EPSS
CVE
CVE
added 2004/06/14 4:0 a.m.45 views

CVE-2003-1041

Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug ma...

7.5CVSS7.2AI score0.70948EPSS
CVE
CVE
added 2005/07/05 4:0 a.m.45 views

CVE-2005-2087

Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that...

5CVSS7.6AI score0.65273EPSS
CVE
CVE
added 2006/04/11 11:2 p.m.45 views

CVE-2006-1186

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption.

10CVSS7.5AI score0.7482EPSS
CVE
CVE
added 2007/02/07 8:0 p.m.44 views

CVE-2005-4827

Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the fi...

7.5CVSS7.3AI score0.18761EPSS
CVE
CVE
added 2006/01/27 10:3 p.m.44 views

CVE-2006-0057

Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims tha...

7.5CVSS6.5AI score0.45819EPSS
CVE
CVE
added 2008/02/12 11:0 p.m.44 views

CVE-2008-0076

Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability."

9.3CVSS8.8AI score0.4845EPSS
CVE
CVE
added 2008/02/12 11:0 p.m.44 views

CVE-2008-0078

Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability."

9.3CVSS8.7AI score0.51546EPSS
CVE
CVE
added 2006/08/09 12:4 a.m.42 views

CVE-2006-3643

Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect C...

6CVSS5.4AI score0.29778EPSS
CVE
CVE
added 2006/08/08 11:4 p.m.41 views

CVE-2006-3637

Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."

5.1CVSS7.2AI score0.77254EPSS
CVE
CVE
added 2006/07/31 11:4 p.m.40 views

CVE-2006-3943

Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties.

2.6CVSS7.4AI score0.38257EPSS
CVE
CVE
added 2004/07/07 4:0 a.m.39 views

CVE-2004-0479

Internet Explorer 6 allows remote attackers to cause a denial of service (crash) via Javascript that creates a new popup window and disables the imagetoolbar functionality with a META tag, which triggers a null dereference.

5CVSS7AI score0.2305EPSS
CVE
CVE
added 2004/11/03 5:0 a.m.38 views

CVE-2004-0845

Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.

6.4CVSS7.3AI score0.40729EPSS
CVE
CVE
added 2006/08/08 11:4 p.m.38 views

CVE-2006-3451

Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors.

7.5CVSS7.5AI score0.64171EPSS
CVE
CVE
added 2006/11/14 9:7 p.m.38 views

CVE-2006-5884

Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777.

7.5CVSS6.9AI score0.86871EPSS
CVE
CVE
added 2006/02/01 2:0 a.m.37 views

CVE-2005-4679

Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site.

5CVSS6.9AI score0.08028EPSS
CVE
CVE
added 2006/08/09 12:4 a.m.37 views

CVE-2006-3639

Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka "Source Element Cross-Domain Vulner...

7.5CVSS7AI score0.45068EPSS
CVE
CVE
added 2006/08/09 12:4 a.m.37 views

CVE-2006-3640

Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability."

5CVSS6.3AI score0.36654EPSS
CVE
CVE
added 2007/02/07 11:28 a.m.36 views

CVE-2007-0811

Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementB...

4.3CVSS6.6AI score0.46521EPSS
CVE
CVE
added 2006/11/14 9:7 p.m.35 views

CVE-2006-4687

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."

5.1CVSS7.4AI score0.62172EPSS
CVE
CVE
added 2006/07/18 3:47 p.m.33 views

CVE-2006-3658

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by accessing the object references of a FolderItem ActiveX object, which triggers a null dereference in the security check.

5CVSS6.9AI score0.30505EPSS