Total
1742 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1527 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, which allows remote attackers to hijack web sessions. | |||||
| CVE-1999-0891 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect. | |||||
| CVE-2004-1922 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 2.6 LOW | N/A |
| Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the memory size written in the BMP file instead of the actual BMP file size, which allows remote attackers to cause a denial of service (memory consumption) via a small BMP file with has a large memory size. | |||||
| CVE-2001-1325 | 1 Microsoft | 2 Internet Explorer, Outlook Express | 2025-04-03 | 7.5 HIGH | N/A |
| Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets (XSL) that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows Scripting Host (WSH). | |||||
| CVE-1999-1446 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 2.1 LOW | N/A |
| Internet Explorer 3 records a history of all URL's that are visited by a user in DAT files located in the Temporary Internet Files and History folders, which are not cleared when the user selects the "Clear History" option, and are not visible when the user browses the folders because of tailored displays. | |||||
| CVE-1999-0468 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 2.6 LOW | N/A |
| Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component. | |||||
| CVE-2002-0500 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Internet Explorer 5.0 through 6.0 allows remote attackers to determine the existence of files on the client via an IMG tag with a dynsrc property that references the target file, which sets certain elements of the image object such as file size. | |||||
| CVE-2000-0768 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 2.6 LOW | N/A |
| A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability. | |||||
| CVE-2006-3427 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by declaring the sourceURL attribute on an uninitialized DirectAnimation.StructuredGraphicsControl ActiveX Object, which triggers a null dereference. | |||||
| CVE-2006-2056 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2025-04-03 | 5.0 MEDIUM | N/A |
| Argument injection vulnerability in Internet Explorer 6 for Windows XP SP2 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API. | |||||
| CVE-1999-0670 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 4.0 MEDIUM | N/A |
| Buffer overflow in the Eyedog ActiveX control allows a remote attacker to execute arbitrary commands. | |||||
| CVE-1999-0280 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
| Remote command execution in Microsoft Internet Explorer using .lnk and .url files. | |||||
| CVE-2002-0832 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
| Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass cookie privacy settings and store information across browser sessions via the userData (storeuserData) feature. | |||||
| CVE-2003-1328 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
| The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality." | |||||
| CVE-1999-0967 | 1 Microsoft | 3 Internet Explorer, Outlook Express, Windows Explorer | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource protocol. | |||||
| CVE-2003-0446 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly in a component that is also used by other Microsoft products, allows remote attackers to insert arbitrary web script via an XML file that contains a parse error, which inserts the script in the resulting error message. | |||||
| CVE-2002-1185 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure." | |||||
| CVE-2003-0809 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
| Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page. | |||||
| CVE-2002-0023 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks. | |||||
| CVE-2005-2831 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
| Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127. | |||||