Lucene search

K
MicrosoftIe

19 matches found

CVE
CVE
added 2000/10/13 4:0 a.m.72 views

CVE-2000-0518

Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities.

2.6CVSS6.6AI score0.02187EPSS
CVE
CVE
added 2005/01/06 5:0 a.m.58 views

CVE-2004-1331

The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the "File Download - Security Warning" dialog and save arbitrary files with arbitrary extensions via the SaveAs command.

2.6CVSS6.7AI score0.27108EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.56 views

CVE-1999-0827

By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.

2.6CVSS7AI score0.00877EPSS
CVE
CVE
added 2006/02/18 2:2 a.m.52 views

CVE-2006-0753

Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status.

2.6CVSS6.5AI score0.16941EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.51 views

CVE-2000-0028

Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function.

2.6CVSS7.1AI score0.21836EPSS
CVE
CVE
added 2006/04/11 11:2 p.m.51 views

CVE-2006-1192

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerabi...

2.6CVSS6.2AI score0.53049EPSS
CVE
CVE
added 2006/07/11 10:5 p.m.51 views

CVE-2006-3510

The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read.

2.6CVSS6.8AI score0.43426EPSS
CVE
CVE
added 2005/10/21 6:2 p.m.50 views

CVE-2005-2126

The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filen...

2.6CVSS6.7AI score0.61694EPSS
CVE
CVE
added 2000/10/20 4:0 a.m.47 views

CVE-2000-0768

A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability.

2.6CVSS6.8AI score0.16317EPSS
CVE
CVE
added 2002/03/15 5:0 a.m.47 views

CVE-2001-1218

Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.

2.1CVSS6.8AI score0.00244EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.45 views

CVE-2000-0519

Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities.

2.6CVSS7AI score0.02187EPSS
CVE
CVE
added 2006/06/02 10:18 a.m.45 views

CVE-2006-2766

Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file.

2.6CVSS6.7AI score0.63435EPSS
CVE
CVE
added 2005/03/11 5:0 a.m.43 views

CVE-2003-1105

Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered.

2.6CVSS6.9AI score0.09233EPSS
CVE
CVE
added 2005/07/17 4:0 a.m.43 views

CVE-2004-2219

Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake.

2.6CVSS6.6AI score0.24002EPSS
CVE
CVE
added 2005/06/21 4:0 a.m.41 views

CVE-2001-1497

Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessi...

2.1CVSS6.8AI score0.01075EPSS
CVE
CVE
added 2005/01/19 5:0 a.m.40 views

CVE-2005-0110

Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning dialog and possibly trick an unknowledgeable user into executing arbitrary code via a web page with a body element containing an onclick tag, as demonstrated using the createElement function.

2.6CVSS7.7AI score0.027EPSS
CVE
CVE
added 2006/07/31 11:4 p.m.40 views

CVE-2006-3943

Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties.

2.6CVSS7.4AI score0.38257EPSS
CVE
CVE
added 2006/12/12 8:28 p.m.38 views

CVE-2006-5578

Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-55...

2.6CVSS5.9AI score0.51816EPSS
CVE
CVE
added 2005/06/01 4:0 a.m.36 views

CVE-2005-1791

Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the full domain name of the URI begins with numeric sequences similar to an IP address. NOTE: if there is not an exploit scenario in which an attacker can trigger this beha...

2.6CVSS6.4AI score0.09402EPSS