Lucene search

K
MicrosoftInternet Explorer

44 matches found

CVE
CVE
added 2004/07/27 4:0 a.m.79 views

CVE-2004-0727

Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstr...

7.5CVSS7.8AI score0.64045EPSS
CVE
CVE
added 2004/12/31 5:0 a.m.73 views

CVE-2004-1050

Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."

10CVSS7.8AI score0.756EPSS
CVE
CVE
added 2004/12/23 5:0 a.m.70 views

CVE-2004-0841

Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."

5CVSS7.5AI score0.39614EPSS
CVE
CVE
added 2004/12/23 5:0 a.m.69 views

CVE-2004-0842

Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "@;/*"...

7.5CVSS7.6AI score0.74808EPSS
CVE
CVE
added 2004/12/23 5:0 a.m.67 views

CVE-2004-0867

Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected.

7.5CVSS6.9AI score0.04214EPSS
CVE
CVE
added 2004/11/03 5:0 a.m.66 views

CVE-2004-0214

Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.

10CVSS7.9AI score0.73831EPSS
CVE
CVE
added 2004/02/03 5:0 a.m.63 views

CVE-2003-0816

Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using...

7.5CVSS7.6AI score0.72126EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.63 views

CVE-2003-1326

Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."

7.5CVSS7.6AI score0.1111EPSS
CVE
CVE
added 2004/08/06 4:0 a.m.62 views

CVE-2004-0526

Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attac...

5CVSS7AI score0.51338EPSS
CVE
CVE
added 2004/07/27 4:0 a.m.60 views

CVE-2003-1048

Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.

10CVSS7.3AI score0.5977EPSS
CVE
CVE
added 2004/08/06 4:0 a.m.60 views

CVE-2004-0549

The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript,...

10CVSS7.8AI score0.71697EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.59 views

CVE-2002-1186

Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters I...

5CVSS6.1AI score0.33375EPSS
CVE
CVE
added 2004/01/20 5:0 a.m.59 views

CVE-2003-1026

Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka th...

9.3CVSS7.5AI score0.59285EPSS
CVE
CVE
added 2004/11/03 5:0 a.m.57 views

CVE-2004-0843

Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."

5CVSS7.6AI score0.28522EPSS
CVE
CVE
added 2004/12/31 5:0 a.m.55 views

CVE-2004-1166

CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP sessi...

7.5CVSS7.7AI score0.7521EPSS
CVE
CVE
added 2004/02/03 5:0 a.m.54 views

CVE-2003-0823

Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.

7.5CVSS7.5AI score0.60933EPSS
CVE
CVE
added 2004/01/20 5:0 a.m.53 views

CVE-2003-1025

Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability....

4.3CVSS7.4AI score0.67172EPSS
CVE
CVE
added 2004/01/20 5:0 a.m.53 views

CVE-2003-1028

The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008.

5CVSS7.1AI score0.1492EPSS
CVE
CVE
added 2004/02/03 5:0 a.m.52 views

CVE-2003-0815

Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using t...

7.5CVSS7.7AI score0.17013EPSS
CVE
CVE
added 2004/07/07 4:0 a.m.52 views

CVE-2004-0420

The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on...

10CVSS7.5AI score0.55056EPSS
CVE
CVE
added 2004/12/31 5:0 a.m.52 views

CVE-2004-0979

Internet Explorer on Windows XP does not properly modify the "Drag and Drop or copy and paste files" setting when the user sets it to "Disable" or "Prompt," which may enable security-sensitive operations that are inconsistent with the user's intended configuration.

4.6CVSS6.5AI score0.03174EPSS
CVE
CVE
added 2004/02/03 5:0 a.m.51 views

CVE-2003-0814

Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability...

7.5CVSS7.8AI score0.29686EPSS
CVE
CVE
added 2004/12/31 5:0 a.m.51 views

CVE-2004-1043

Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as d...

5CVSS7.4AI score0.7018EPSS
CVE
CVE
added 2004/11/23 5:0 a.m.49 views

CVE-2004-0284

Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.

5CVSS6.7AI score0.1127EPSS
CVE
CVE
added 2004/09/14 4:0 a.m.49 views

CVE-2004-0839

Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, ...

5CVSS7.4AI score0.38826EPSS
CVE
CVE
added 2004/11/03 5:0 a.m.48 views

CVE-2004-0216

Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-bas...

10CVSS8AI score0.48486EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.47 views

CVE-2002-0193

Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error messa...

7.5CVSS8AI score0.45776EPSS
CVE
CVE
added 2004/04/15 4:0 a.m.47 views

CVE-2003-0513

Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g. to a vulnerable app...

7.5CVSS6.6AI score0.04641EPSS
CVE
CVE
added 2004/02/03 5:0 a.m.47 views

CVE-2003-0817

Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.

7.5CVSS7.7AI score0.16176EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.46 views

CVE-2002-1185

Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File F...

5CVSS7.5AI score0.29205EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.45 views

CVE-2002-1142

Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.

7.5CVSS7.5AI score0.83043EPSS
CVE
CVE
added 2004/06/14 4:0 a.m.45 views

CVE-2003-1041

Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug ma...

7.5CVSS7.2AI score0.70948EPSS
CVE
CVE
added 2004/01/20 5:0 a.m.44 views

CVE-2003-1027

Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerab...

10CVSS7.5AI score0.60933EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.44 views

CVE-2003-1328

The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality."

7.5CVSS7.9AI score0.43563EPSS
CVE
CVE
added 2004/07/27 4:0 a.m.44 views

CVE-2004-0566

Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value.

7.5CVSS8AI score0.57434EPSS
CVE
CVE
added 2004/07/27 4:0 a.m.44 views

CVE-2004-0719

Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnera...

7.5CVSS6.7AI score0.15583EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.42 views

CVE-2001-0643

Internet Explorer 5.5 does not display the Class ID (CLSID) when it is at the end of the file name, which could allow attackers to trick the user into executing dangerous programs by making it appear that the document is of a safe file type.

5CVSS6.9AI score0.13964EPSS
CVE
CVE
added 2004/07/07 4:0 a.m.42 views

CVE-2004-0484

mshtml.dll in Microsoft Internet Explorer 6.0.2800 allows remote attackers to cause a denial of service (crash) via a table containing a form that crosses multiple td elements, and whose "float: left" class is defined in a link to a CSS stylesheet after the end of the table, which may trigger a nul...

2.6CVSS6.9AI score0.26837EPSS
CVE
CVE
added 2004/12/31 5:0 a.m.41 views

CVE-2004-1173

Internet Explorer 6 allows remote attackers to bypass the popup blocker via the document object model (DOM) methods in the DHTML Dynamic HTML (DHTML) Editing Component (DEC) and Javascript that calls showModalDialog.

7.5CVSS7AI score0.07461EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.40 views

CVE-2002-0188

Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error messa...

7.5CVSS8.1AI score0.20209EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.40 views

CVE-2002-1188

Internet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security checks, aka "Temporary Internet Files folders Name Re...

6.4CVSS6.5AI score0.16205EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.39 views

CVE-2002-1187

Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the or element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource.

6.8CVSS6.4AI score0.26559EPSS
CVE
CVE
added 2004/12/31 5:0 a.m.39 views

CVE-2004-1155

Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability...

7.5CVSS6.7AI score0.19575EPSS
CVE
CVE
added 2004/11/03 5:0 a.m.38 views

CVE-2004-0845

Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.

6.4CVSS7.3AI score0.40729EPSS