Total
1742 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0662 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Internet Explorer 5.x and Microsoft Outlook allows remote attackers to read arbitrary files by redirecting the contents of an IFRAME using the DHTML Edit Control (DHTMLED). | |||||
| CVE-2005-0554 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption Vulnerability." | |||||
| CVE-1999-0469 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Internet Explorer 5.0 allows window spoofing, allowing a remote attacker to spoof a legitimate web site and capture information from the client. | |||||
| CVE-2002-0078 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
| The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the "Cookie-based Script Execution" vulnerability. | |||||
| CVE-2006-2382 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka "HTML Decoding Memory Corruption Vulnerability." | |||||
| CVE-2005-1790 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 2.6 LOW | N/A |
| Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "Mismatched Document Object Model Objects Memory Corruption Vulnerability." | |||||
| CVE-2006-1191 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 4.0 MEDIUM | N/A |
| Microsoft Internet Explorer 5.01 through 6 does not always correctly identify the domain that is associated with a browser window, which allows remote attackers to obtain sensitive cross-domain information and spoof sites by running script after the user has navigated to another site. | |||||
| CVE-2001-1497 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 2.1 LOW | N/A |
| Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack. | |||||
| CVE-2004-2476 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 2.6 LOW | N/A |
| Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (infinite loop and crash) via an IFRAME with "?" as the file source. | |||||
| CVE-2005-4810 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 7.0 Beta3 and earlier allows remote attackers to cause a denial of service (crash) via a "text/html" HTML Content-type header sent in response to an XMLHttpRequest (AJAX). | |||||
| CVE-2002-1824 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability. | |||||
| CVE-2004-1416 | 2 Microsoft, Realnetworks | 2 Internet Explorer, Realone Player | 2025-04-03 | 5.1 MEDIUM | N/A |
| pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as used in Internet Explorer, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embed tag. | |||||
| CVE-2005-4717 | 1 Microsoft | 6 Ie, Internet Explorer, Windows 2000 and 3 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar. | |||||
| CVE-2003-0823 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
| Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027. | |||||
| CVE-2001-0722 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 6.4 MEDIUM | N/A |
| Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript in an about: URL, aka the "First Cookie Handling Vulnerability." | |||||
| CVE-2002-1688 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| The browser history feature in Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to execute arbitrary script as other users and steal authentication information via cookies by injecting JavaScript into the URL, which is executed when the user hits the Back button. | |||||
| CVE-2004-0727 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
| Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability." | |||||
| CVE-2002-1142 | 1 Microsoft | 3 Data Access Components, Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub. | |||||
| CVE-2003-1025 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 4.3 MEDIUM | N/A |
| Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability." | |||||
| CVE-2000-0028 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 2.6 LOW | N/A |
| Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function. | |||||