Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Filtered by product Internet Explorer
Total 1740 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-1999-1453 1 Microsoft 1 Internet Explorer 2023-12-10 2.6 LOW N/A
Internet Explorer 4 allows remote attackers (malicious web site operators) to read the contents of the clipboard via the Internet WebBrowser ActiveX object.
CVE-2004-0214 1 Microsoft 5 Internet Explorer, Windows 2000, Windows 98 and 2 more 2023-12-10 10.0 HIGH N/A
Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
CVE-2000-0503 1 Microsoft 1 Internet Explorer 2023-12-10 2.6 LOW N/A
The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows a remote attacker to violate the cross frame security policy via the NavigateComplete2 event.
CVE-2001-0727 1 Microsoft 1 Internet Explorer 2023-12-10 7.5 HIGH N/A
Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution Vulnerability."
CVE-2003-1027 1 Microsoft 2 Ie, Internet Explorer 2023-12-10 10.0 HIGH N/A
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."
CVE-2003-0823 1 Microsoft 2 Ie, Internet Explorer 2023-12-10 7.5 HIGH N/A
Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.
CVE-2003-0309 1 Microsoft 1 Internet Explorer 2023-12-10 7.5 HIGH N/A
Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause Internet Explorer to execute the program, as demonstrated using a large number of FRAME or IFRAME tags, aka the "File Download Dialog Vulnerability."
CVE-2000-0768 1 Microsoft 2 Ie, Internet Explorer 2023-12-10 2.6 LOW N/A
A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability.
CVE-2002-1142 1 Microsoft 3 Data Access Components, Ie, Internet Explorer 2023-12-10 7.5 HIGH N/A
Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
CVE-2002-1254 1 Microsoft 2 Ie, Internet Explorer 2023-12-10 7.5 HIGH N/A
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."
CVE-2002-1714 1 Microsoft 2 Ie, Internet Explorer 2023-12-10 5.0 MEDIUM N/A
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type "text/html" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion.
CVE-2003-1326 1 Microsoft 2 Ie, Internet Explorer 2023-12-10 7.5 HIGH N/A
Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."
CVE-1999-1087 1 Microsoft 1 Internet Explorer 2023-12-10 7.5 HIGH N/A
Internet Explorer 4 treats a 32-bit number ("dotless IP address") in the a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by using URLs that contain the dotless IP address for their server.
CVE-2003-0815 1 Microsoft 2 Ie, Internet Explorer 2023-12-10 7.5 HIGH N/A
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.
CVE-2003-0446 1 Microsoft 1 Internet Explorer 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly in a component that is also used by other Microsoft products, allows remote attackers to insert arbitrary web script via an XML file that contains a parse error, which inserts the script in the resulting error message.
CVE-2002-2311 2 Microsoft, Opera Software 2 Internet Explorer, Opera Web Browser 2023-12-10 6.4 MEDIUM N/A
Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue.
CVE-2002-0980 1 Microsoft 1 Internet Explorer 2023-12-10 7.5 HIGH N/A
The Web Folder component for Internet Explorer 5.5 and 6.0 writes an error message to a known location in the temporary folder, which allows remote attackers to execute arbitrary code by injecting it into the error message, then referring to the error message file via a mhtml: URL.
CVE-2004-1043 1 Microsoft 2 Internet Explorer, Windows Xp 2023-12-10 5.0 MEDIUM N/A
Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability."
CVE-1999-1016 2 Microsoft, Qualcomm 4 Frontpage, Internet Explorer, Outlook Express and 1 more 2023-12-10 5.0 MEDIUM N/A
Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as text inputs in a table cell.
CVE-2004-1050 2 Avaya, Microsoft 7 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 4 more 2023-12-10 10.0 HIGH N/A
Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."