Total
1742 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0978 | 1 Microsoft | 7 Internet Explorer, Windows 2000, Windows 98se and 4 more | 2025-04-03 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter. | |||||
| CVE-2002-0722 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
| Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to misrepresent the source of a file in the File Download dialogue box to trick users into thinking that the file type is safe to download, aka "File Origin Spoofing." | |||||
| CVE-2005-0555 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the Content Advisor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a crafted Content Advisor file, aka "Content Advisor Memory Corruption Vulnerability." | |||||
| CVE-2005-3312 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 4.3 MEDIUM | N/A |
| The HTML rendering engine in Microsoft Internet Explorer 6.0 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML in corrupted images and other files such as .GIF, JPG, and WAV, which is rendered as HTML when the user clicks on the link, even though the web server response and file extension indicate that it should be treated as a different file type. | |||||
| CVE-2006-3637 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 5.1 MEDIUM | N/A |
| Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." | |||||
| CVE-1999-0827 | 2 Microsoft, Netscape | 3 Ie, Internet Explorer, Navigator | 2025-04-03 | 2.6 LOW | N/A |
| By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing. | |||||
| CVE-2001-0727 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
| Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution Vulnerability." | |||||
| CVE-2006-2383 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution. | |||||
| CVE-2005-4841 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.1 HIGH | N/A |
| The Outlook Progress Ctl control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer. | |||||
| CVE-2006-3658 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by accessing the object references of a FolderItem ActiveX object, which triggers a null dereference in the security check. | |||||
| CVE-2006-3200 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unspecified versions of Internet Explorer allow remote attackers to cause a denial of service (crash) via an IFRAME with a src tag containing a "File://" URI followed by an 8-bit character. NOTE: some third parties were unable to verify this issue. | |||||
| CVE-2006-2384 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after the browser has been navigated to a malicious site, aka the "Address Bar Spoofing Vulnerability." | |||||
| CVE-1999-0669 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 4.0 MEDIUM | N/A |
| The Eyedog ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy. | |||||
| CVE-2006-3512 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2025-04-03 | 5.0 MEDIUM | N/A |
| Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) by setting the Enabled property of a DXTFilter ActiveX object to true, which triggers a null dereference. | |||||
| CVE-2002-0647 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in a legacy ActiveX control used to display specially formatted text in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code, aka "Buffer Overrun in Legacy Text Formatting ActiveX Control". | |||||
| CVE-2006-3659 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the location or URL property of a MHTMLFile ActiveX object. | |||||
| CVE-2003-1028 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008. | |||||
| CVE-2005-4089 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 7.1 HIGH | N/A |
| Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability." | |||||
| CVE-2005-0500 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to spoof the domain name of a URL in a titlebar for a script-initiated popup window, which could facilitate phishing attacks. | |||||
| CVE-2005-4843 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.8 HIGH | N/A |
| The SmartConnect Class control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer. | |||||