Lucene search

K

121 matches found

CVE
CVE
added 2004/11/23 5:0 a.m.49 views

CVE-2004-0284

Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.

5CVSS6.7AI score0.1127EPSS
CVE
CVE
added 2004/09/14 4:0 a.m.49 views

CVE-2004-0839

Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, ...

5CVSS7.4AI score0.38826EPSS
CVE
CVE
added 2005/08/04 4:0 a.m.49 views

CVE-2004-2291

Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script.

7.5CVSS8AI score0.20061EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.49 views

CVE-2005-0055

Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability."

7.5CVSS7.5AI score0.4487EPSS
CVE
CVE
added 2006/03/17 1:2 a.m.49 views

CVE-2006-1245

Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple E...

7.5CVSS7.5AI score0.69669EPSS
CVE
CVE
added 2006/07/06 1:5 a.m.49 views

CVE-2006-3354

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference.

5CVSS7AI score0.41065EPSS
CVE
CVE
added 2006/08/17 1:4 a.m.49 views

CVE-2006-4193

Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), and (3) msoe.dll (O...

7.5CVSS7.7AI score0.50185EPSS
CVE
CVE
added 2007/03/02 9:18 p.m.49 views

CVE-2006-7065

Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference.

5CVSS7AI score0.17741EPSS
CVE
CVE
added 2007/01/31 11:28 a.m.49 views

CVE-2007-0612

Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, ...

7.8CVSS6.7AI score0.53487EPSS
CVE
CVE
added 2007/05/08 11:19 p.m.49 views

CVE-2007-0942

Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote attackers to execute arbitr...

9.3CVSS7.5AI score0.54907EPSS
CVE
CVE
added 2007/08/14 9:17 p.m.49 views

CVE-2007-0943

Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) strings that trigger memory corruption during parsing, related to use of out-of-bounds pointers.

6.8CVSS7.5AI score0.62193EPSS
CVE
CVE
added 2005/06/28 4:0 a.m.48 views

CVE-2002-1824

Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whet...

5CVSS6.8AI score0.03737EPSS
CVE
CVE
added 2003/11/17 5:0 a.m.48 views

CVE-2003-0809

Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page.

7.5CVSS8AI score0.45451EPSS
CVE
CVE
added 2006/02/15 11:0 a.m.48 views

CVE-2005-4717

Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereferenc...

5CVSS6.8AI score0.10269EPSS
CVE
CVE
added 2006/04/11 11:2 p.m.48 views

CVE-2006-1188

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption.

7.5CVSS7.2AI score0.63986EPSS
CVE
CVE
added 2006/08/08 11:4 p.m.48 views

CVE-2006-3638

Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the DirectAnimation.DATuple ActiveX control, aka "COM...

7.5CVSS7.2AI score0.64559EPSS
CVE
CVE
added 2006/08/30 1:4 a.m.48 views

CVE-2006-4446

Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points.

5CVSS7.8AI score0.7919EPSS
CVE
CVE
added 2007/02/13 10:28 p.m.48 views

CVE-2007-0217

The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.

10CVSS7.2AI score0.76216EPSS
CVE
CVE
added 2004/04/15 4:0 a.m.47 views

CVE-2003-0513

Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g. to a vulnerable app...

7.5CVSS6.6AI score0.04641EPSS
CVE
CVE
added 2004/02/03 5:0 a.m.47 views

CVE-2003-0817

Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.

7.5CVSS7.7AI score0.16176EPSS
CVE
CVE
added 2006/06/13 7:6 p.m.47 views

CVE-2006-2378

Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.

6.8CVSS7.6AI score0.62392EPSS
CVE
CVE
added 2006/08/23 1:4 a.m.47 views

CVE-2006-3869

Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compressi...

7.5CVSS7.9AI score0.72358EPSS
CVE
CVE
added 2007/02/13 10:28 p.m.47 views

CVE-2006-4697

Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193.

9.3CVSS7.5AI score0.54438EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.46 views

CVE-2002-1185

Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File F...

5CVSS7.5AI score0.29205EPSS
CVE
CVE
added 2003/05/12 4:0 a.m.46 views

CVE-2003-0233

Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the Load() method, a different vulnerability than CVE-2003-0115.

7.5CVSS8.2AI score0.13253EPSS
CVE
CVE
added 2005/02/20 5:0 a.m.46 views

CVE-2004-1686

Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the DesignScience MathPlayer ActiveX...

5CVSS7AI score0.10697EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.46 views

CVE-2005-0500

Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to spoof the domain name of a URL in a titlebar for a script-initiated popup window, which could facilitate phishing attacks.

5CVSS6.6AI score0.16735EPSS
CVE
CVE
added 2006/07/10 8:5 p.m.46 views

CVE-2006-3472

Microsoft Internet Explorer 6.0 and 6.0 SP1 allows remote attackers to cause a denial of service via an HTML page with an A tag containing a long title attribute. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

5CVSS6.7AI score0.28361EPSS
CVE
CVE
added 2006/09/14 12:7 a.m.46 views

CVE-2006-4777

Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the K...

7.6CVSS7.9AI score0.86871EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.45 views

CVE-2002-1142

Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.

7.5CVSS7.5AI score0.83043EPSS
CVE
CVE
added 2004/06/14 4:0 a.m.45 views

CVE-2003-1041

Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug ma...

7.5CVSS7.2AI score0.70948EPSS
CVE
CVE
added 2005/08/18 4:0 a.m.45 views

CVE-2004-2434

Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser crash) via a link with "::{" (colon colon left brace), which triggers a null dereference when the user attempts to save the link using "Save As" and Internet Explorer prepares an error message with an ...

5CVSS6.9AI score0.17408EPSS
CVE
CVE
added 2006/06/02 10:18 a.m.45 views

CVE-2006-2766

Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file.

2.6CVSS6.7AI score0.63435EPSS
CVE
CVE
added 2006/09/12 11:7 p.m.45 views

CVE-2006-3873

Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the ta...

7.5CVSS7.9AI score0.72358EPSS
CVE
CVE
added 2003/05/12 4:0 a.m.44 views

CVE-2003-0114

The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files.

5CVSS7.5AI score0.30354EPSS
CVE
CVE
added 2003/08/27 4:0 a.m.44 views

CVE-2003-0530

Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute arbitrary code.

7.5CVSS8.1AI score0.23688EPSS
CVE
CVE
added 2004/01/20 5:0 a.m.44 views

CVE-2003-1027

Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerab...

10CVSS7.5AI score0.60933EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.44 views

CVE-2003-1328

The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality."

7.5CVSS7.9AI score0.43563EPSS
CVE
CVE
added 2004/07/27 4:0 a.m.44 views

CVE-2004-0719

Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnera...

7.5CVSS6.7AI score0.15583EPSS
CVE
CVE
added 2007/02/07 8:0 p.m.44 views

CVE-2005-4827

Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the fi...

7.5CVSS7.3AI score0.18761EPSS
CVE
CVE
added 2006/07/10 7:5 p.m.44 views

CVE-2006-3471

Microsoft Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) via a table with a frameset as a child, which triggers a null dereference, as demonstrated using the appendChild method.

5CVSS6.9AI score0.44499EPSS
CVE
CVE
added 2007/07/03 9:30 p.m.44 views

CVE-2007-3550

Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to fill Zones with arbitrary domains using certain metacharacters such as wildcards via JavaScript, which results in a denial of service (website suppression and resource consumption), aka "Internet Explorer Zone Domain Specification D...

7.8CVSS6.8AI score0.27363EPSS
CVE
CVE
added 2002/12/11 5:0 a.m.43 views

CVE-2002-1254

Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."

7.5CVSS7.2AI score0.70243EPSS
CVE
CVE
added 2005/06/21 4:0 a.m.43 views

CVE-2002-1714

Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type "text/html" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion.

5CVSS6.8AI score0.21829EPSS
CVE
CVE
added 2003/11/17 5:0 a.m.43 views

CVE-2003-0838

Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as a...

7.5CVSS7.3AI score0.68345EPSS
CVE
CVE
added 2005/03/11 5:0 a.m.43 views

CVE-2003-1105

Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered.

2.6CVSS6.9AI score0.09233EPSS
CVE
CVE
added 2005/07/17 4:0 a.m.43 views

CVE-2004-2219

Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake.

2.6CVSS6.6AI score0.24002EPSS
CVE
CVE
added 2005/07/19 4:0 a.m.43 views

CVE-2005-2308

The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via certain crafted JPEG images, as demonstrated using (1) mov_fencepost.jpg, (2) cmp_fencepost.jpg, (3) oom_dos.jpg, or (4) random.jpg...

7.5CVSS7.8AI score0.52357EPSS
CVE
CVE
added 2007/02/13 11:28 p.m.43 views

CVE-2007-0219

Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697.

10CVSS7.6AI score0.6131EPSS
CVE
CVE
added 2007/02/26 11:28 a.m.43 views

CVE-2007-1091

Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers.

6.8CVSS6.3AI score0.49661EPSS
Total number of security vulnerabilities121