Lucene search

K

121 matches found

CVE
CVE
added 2007/10/24 11:0 p.m.42 views

CVE-2003-1484

Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) by creating a DHTML link that uses the AnchorClick "A" object with a blank href attribute.

4.3CVSS6.9AI score0.27616EPSS
CVE
CVE
added 2005/05/19 4:0 a.m.42 views

CVE-2004-2090

Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist.

5CVSS7.3AI score0.39409EPSS
CVE
CVE
added 2005/12/14 11:3 a.m.42 views

CVE-2005-2829

Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits...

5.1CVSS7.4AI score0.2005EPSS
CVE
CVE
added 2006/06/13 7:6 p.m.42 views

CVE-2006-2385

Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file.

7.6CVSS7.4AI score0.18242EPSS
CVE
CVE
added 2006/08/31 10:4 p.m.42 views

CVE-2006-4495

Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.

7.5CVSS7.8AI score0.5457EPSS
CVE
CVE
added 2005/12/15 8:11 p.m.41 views

CVE-2005-4269

mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly...

7.8CVSS6.7AI score0.15934EPSS
CVE
CVE
added 2006/07/28 12:4 a.m.41 views

CVE-2006-3910

Internet Explorer 6 on Windows XP SP2, when Outlook is installed, allows remote attackers to cause a denial of service (crash) by calling the NewDefaultItem function of an OVCtl (OVCtl.OVCtl.1) ActiveX object, which triggers a null dereference.

5CVSS7AI score0.40668EPSS
CVE
CVE
added 2007/09/12 8:17 p.m.41 views

CVE-2007-4848

Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file.

4.3CVSS6.4AI score0.2308EPSS
CVE
CVE
added 2005/01/19 5:0 a.m.40 views

CVE-2005-0110

Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning dialog and possibly trick an unknowledgeable user into executing arbitrary code via a web page with a body element containing an onclick tag, as demonstrated using the createElement function.

2.6CVSS7.7AI score0.027EPSS
CVE
CVE
added 2005/12/08 11:3 a.m.40 views

CVE-2005-4089

Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSS...

7.1CVSS6.2AI score0.43111EPSS
CVE
CVE
added 2004/12/31 5:0 a.m.39 views

CVE-2004-1155

Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability...

7.5CVSS6.7AI score0.19575EPSS
CVE
CVE
added 2006/02/14 11:0 a.m.39 views

CVE-2005-3240

Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focu...

5.1CVSS7.3AI score0.1023EPSS
CVE
CVE
added 2005/11/16 7:37 a.m.38 views

CVE-2002-2125

Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user's local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle (MITM) attack.

6.4CVSS6.8AI score0.02168EPSS
CVE
CVE
added 2006/08/08 11:4 p.m.38 views

CVE-2006-3450

Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file.

7.5CVSS7.3AI score0.63794EPSS
CVE
CVE
added 2006/07/11 11:5 p.m.38 views

CVE-2006-3513

danim.dll in Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the Data property of a DirectAnimation DAUserData object before it is initialized, which triggers a NULL pointer dereference.

5CVSS6.9AI score0.35705EPSS
CVE
CVE
added 2004/12/31 5:0 a.m.37 views

CVE-2004-1104

Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty "href" attribute, and a FORM whose ac...

7.5CVSS6.5AI score0.37165EPSS
CVE
CVE
added 2005/12/14 11:3 a.m.37 views

CVE-2005-2830

Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."

5CVSS6.4AI score0.50732EPSS
CVE
CVE
added 2006/08/23 1:4 a.m.37 views

CVE-2006-4301

Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects from (a) dxtmsft.dll and (b) dxtmsft3.dll, including (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DX...

5CVSS6.9AI score0.45641EPSS
CVE
CVE
added 2007/02/23 3:28 a.m.37 views

CVE-2006-7030

Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via certain malformed HTML, possibly involving applet and base tags without required arguments, which triggers a null pointer dereference in mshtml.dll.

5CVSS7AI score0.30084EPSS
CVE
CVE
added 2005/06/01 4:0 a.m.36 views

CVE-2005-1791

Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the full domain name of the URI begins with numeric sequences similar to an IP address. NOTE: if there is not an exploit scenario in which an attacker can trigger this beha...

2.6CVSS6.4AI score0.09402EPSS
CVE
CVE
added 2007/02/07 11:28 a.m.36 views

CVE-2007-0811

Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementB...

4.3CVSS6.6AI score0.46521EPSS
Total number of security vulnerabilities121