Lucene search

MicrosoftIe

67 matches found

Added 2005/08/10 4:0 a.m. | 126 views

CVE-2005-1988

Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability".

CVSS 5.1 | AI score 7.3 | EPSS 0.83438

Added 2005/05/02 4:0 a.m. | 78 views

CVE-2005-0553

Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability".

CVSS 5.1 | AI score 7.6 | EPSS 0.73949

Added 2009/07/22 6:30 p.m. | 75 views

CVE-2009-2576

Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affe...

CVSS 5 | AI score 6.4 | EPSS 0.30084

Added 2004/12/23 5:0 a.m. | 70 views

CVE-2004-0841

Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."

CVSS 5 | AI score 7.5 | EPSS 0.39614

Added 2009/06/15 7:30 p.m. | 67 views

CVE-2009-2057

Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampe...

CVSS 5.8 | AI score 7.1 | EPSS 0.11952

Added 2004/08/06 4:0 a.m. | 62 views

CVE-2004-0526

Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attac...

CVSS 5 | AI score 7 | EPSS 0.51338

Added 2005/08/10 4:0 a.m. | 60 views

CVE-2005-1990

Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm...

CVSS 5.1 | AI score 7.6 | EPSS 0.82179

Added 2004/09/01 4:0 a.m. | 59 views

CVE-2002-1186

Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters I...

CVSS 5 | AI score 6.1 | EPSS 0.36509

Added 2004/11/03 5:0 a.m. | 57 views

CVE-2004-0843

Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."

CVSS 5 | AI score 7.6 | EPSS 0.28522

Added 2005/05/02 4:0 a.m. | 57 views

CVE-2005-0056

Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."

CVSS 5.1 | AI score 7 | EPSS 0.32535

Added 2004/07/07 4:0 a.m. | 56 views

CVE-2004-0475

The showHelp function in Internet Explorer 6 on Windows XP Pro allows remote attackers to execute arbitrary local .CHM files via a double backward slash ("\") before the target CHM file, as demonstrated using an "ms-its" URL to ntshared.chm. NOTE: this bug may overlap CVE-2003-1041.

CVSS 5.1 | AI score 7.2 | EPSS 0.70948

Added 2004/01/20 5:0 a.m. | 53 views

CVE-2003-1028

The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008.

CVSS 5 | AI score 7.1 | EPSS 0.1492

Added 2005/08/16 4:0 a.m. | 53 views

CVE-2004-2383

Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focu...

CVSS 5.1 | AI score 6.2 | EPSS 0.23381

Added 2012/03/09 11:55 a.m. | 51 views

CVE-2012-1545

Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.

CVSS 5.8 | AI score 6.9 | EPSS 0.12389

Added 2000/03/22 5:0 a.m. | 50 views

CVE-2000-0162

The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability.

CVSS 5.1 | AI score 6.8 | EPSS 0.01479

Added 2006/04/11 11:2 p.m. | 50 views

CVE-2006-1719

Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via any scrollbar Cascading Style Sheets (CSS) property.

CVSS 5 | AI score 6.6 | EPSS 0.19067

Added 2006/04/29 10:2 a.m. | 50 views

CVE-2006-2094

Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers ...

CVSS 5.1 | AI score 6.6 | EPSS 0.34906

Added 2009/06/15 7:30 p.m. | 50 views

CVE-2009-2069

Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, ...

CVSS 5.8 | AI score 6.5 | EPSS 0.02947

Added 2000/06/02 4:0 a.m. | 49 views

CVE-2000-0329

A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability.

CVSS 5.1 | AI score 7 | EPSS 0.08048

Added 2005/06/21 4:0 a.m. | 49 views

CVE-2001-1489

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.

CVSS 5 | AI score 7 | EPSS 0.13452

Added 2003/05/12 4:0 a.m. | 49 views

CVE-2003-0116

Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web page containing script that creates a dialog and then accesses the target files, aka "Modal Di...

CVSS 5 | AI score 7.4 | EPSS 0.25468

Added 2004/11/23 5:0 a.m. | 49 views

CVE-2004-0284

Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.

CVSS 5 | AI score 6.7 | EPSS 0.1127

Added 2004/09/14 4:0 a.m. | 49 views

CVE-2004-0839

Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, ...

CVSS 5 | AI score 7.4 | EPSS 0.38826

Added 2004/11/03 5:0 a.m. | 49 views

CVE-2004-0844

Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Double Byte Character Set Systems Vulnerability."

CVSS 5 | AI score 7.5 | EPSS 0.53434

Added 2006/07/06 1:5 a.m. | 49 views

CVE-2006-3354

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference.

CVSS 5 | AI score 7 | EPSS 0.41065

Added 2006/07/31 11:4 p.m. | 49 views

CVE-2006-3944

Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers ...

CVSS 5 | AI score 7.2 | EPSS 0.43175

Added 2007/03/02 9:18 p.m. | 49 views

CVE-2006-7065

Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference.

CVSS 5 | AI score 7 | EPSS 0.17741

Added 2005/06/28 4:0 a.m. | 48 views

CVE-2002-1824

Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whet...

CVSS 5 | AI score 6.8 | EPSS 0.03737

Added 2005/05/02 4:0 a.m. | 48 views

CVE-2005-0054

Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding ...

CVSS 5.1 | AI score 7.5 | EPSS 0.38328

Added 2006/02/15 11:0 a.m. | 48 views

CVE-2005-4717

Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereferenc...

CVSS 5 | AI score 6.8 | EPSS 0.10269

Added 2006/07/18 3:47 p.m. | 48 views

CVE-2006-3657

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (stack overflow exception) via a DXImageTransform.Microsoft.Gradient ActiveX object with a long (1) StartColorStr or (2) EndColorStr property.

CVSS 5 | AI score 7.2 | EPSS 0.30174

Added 2006/08/30 1:4 a.m. | 48 views

CVE-2006-4446

Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points.

CVSS 5 | AI score 7.8 | EPSS 0.7919

Added 2005/02/13 5:0 a.m. | 47 views

CVE-2004-0869

Internet Explorer does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection....

CVSS 5 | AI score 6.6 | EPSS 0.1568

Added 2006/11/08 10:7 p.m. | 47 views

CVE-2006-5805

Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site's URL in the address bar but causes Internet Explorer to report...

CVSS 5 | AI score 6.4 | EPSS 0.02187

Added 2004/09/01 4:0 a.m. | 46 views

CVE-2002-1185

Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File F...

CVSS 5 | AI score 7.5 | EPSS 0.29205

Added 2005/02/20 5:0 a.m. | 46 views

CVE-2004-1686

Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the DesignScience MathPlayer ActiveX...

CVSS 5 | AI score 7 | EPSS 0.10697

Added 2005/05/02 4:0 a.m. | 46 views

CVE-2005-0500

Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to spoof the domain name of a URL in a titlebar for a script-initiated popup window, which could facilitate phishing attacks.

CVSS 5 | AI score 6.6 | EPSS 0.16735

Added 2006/07/10 8:5 p.m. | 46 views

CVE-2006-3472

Microsoft Internet Explorer 6.0 and 6.0 SP1 allows remote attackers to cause a denial of service via an HTML page with an A tag containing a long title attribute. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS 5 | AI score 6.7 | EPSS 0.28361

Added 2006/07/18 3:47 p.m. | 46 views

CVE-2006-3659

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the location or URL property of a MHTMLFile ActiveX object.

CVSS 5 | AI score 7 | EPSS 0.30441

Added 2006/12/20 2:28 a.m. | 46 views

CVE-2006-6659

The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML.

CVSS 5 | AI score 6.9 | EPSS 0.23391

Added 2005/08/18 4:0 a.m. | 45 views

CVE-2004-2434

Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser crash) via a link with "::{" (colon colon left brace), which triggers a null dereference when the user attempts to save the link using "Save As" and Internet Explorer prepares an error message with an ...

CVSS 5 | AI score 6.9 | EPSS 0.17408

Added 2005/07/05 4:0 a.m. | 45 views

CVE-2005-2087

Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that...

CVSS 5 | AI score 7.6 | EPSS 0.65273

Added 2003/05/12 4:0 a.m. | 44 views

CVE-2003-0114

The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files.

CVSS 5 | AI score 7.5 | EPSS 0.30354

Added 2005/07/10 4:0 a.m. | 44 views

CVE-2004-2179

asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values.

CVSS 5 | AI score 6.9 | EPSS 0.12358

Added 2006/07/10 7:5 p.m. | 44 views

CVE-2006-3471

Microsoft Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) via a table with a frameset as a child, which triggers a null dereference, as demonstrated using the appendChild method.

CVSS 5 | AI score 6.9 | EPSS 0.44499

Added 2011/12/07 7:55 p.m. | 44 views

CVE-2010-5071

The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.

CVSS 5 | AI score 6.2 | EPSS 0.10857

Added 2005/06/21 4:0 a.m. | 43 views

CVE-2002-1714

Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type "text/html" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion.

CVSS 5 | AI score 6.8 | EPSS 0.21829

Added 2000/03/22 5:0 a.m. | 42 views

CVE-2000-0036

Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability.

CVSS 5 | AI score 6.8 | EPSS 0.19714

Added 2005/05/19 4:0 a.m. | 42 views

CVE-2004-2090

Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist.

CVSS 5 | AI score 7.3 | EPSS 0.39409

Added 2005/12/14 11:3 a.m. | 42 views

CVE-2005-2829

Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits...

CVSS 5.1 | AI score 7.4 | EPSS 0.2005

Total number of security vulnerabilities: 67