Filtered by vendor Microsoft
Subscriptions
Filtered by product Ie
Subscriptions
Total
210 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2003-0115 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-11-21 | N/A |
Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, which could allow remote attackers to execute arbitrary web script, aka the "Third Party Plugin Rendering" vulnerability, a different vulnerability than CVE-2003-0233. | ||||
CVE-2003-0114 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-11-21 | N/A |
The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files. | ||||
CVE-2003-0113 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-11-21 | N/A |
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields. | ||||
CVE-2002-2435 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-11-21 | N/A |
The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264. | ||||
CVE-2002-2125 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-11-21 | N/A |
Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user's local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle (MITM) attack. | ||||
CVE-2002-1824 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-11-21 | N/A |
Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability. | ||||
CVE-2002-1714 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-11-21 | N/A |
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type "text/html" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion. | ||||
CVE-2002-1254 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-11-21 | N/A |
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods." | ||||
CVE-2002-1186 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-11-21 | N/A |
Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure." | ||||
CVE-2002-1185 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-11-21 | N/A |
Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure." | ||||
CVE-2002-1142 | 1 Microsoft | 3 Data Access Components, Ie, Internet Explorer | 2024-11-21 | N/A |
Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub. | ||||
CVE-2002-0153 | 1 Microsoft | 1 Ie | 2024-11-21 | N/A |
Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the "Local Applescript Invocation" vulnerability. | ||||
CVE-2002-0152 | 1 Microsoft | 6 Entourage, Excel, Ie and 3 more | 2024-11-21 | N/A |
Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh. | ||||
CVE-2001-1497 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-11-21 | N/A |
Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack. | ||||
CVE-2001-1489 | 1 Microsoft | 1 Ie | 2024-11-21 | N/A |
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images. | ||||
CVE-2001-1218 | 1 Microsoft | 1 Ie | 2024-11-21 | N/A |
Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window. | ||||
CVE-2001-0665 | 1 Microsoft | 1 Ie | 2024-11-21 | N/A |
Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the "HTTP Request Encoding vulnerability." | ||||
CVE-2000-1061 | 1 Microsoft | 1 Ie | 2024-11-21 | N/A |
Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the "Microsoft VM ActiveX Component" vulnerability. | ||||
CVE-2000-0768 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-11-21 | N/A |
A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability. | ||||
CVE-2000-0519 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-11-21 | N/A |
Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities. |