Filtered by vendor Microsoft
Subscriptions
Filtered by product Internet Explorer
Subscriptions
Total
1744 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2000-0439 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the "Unauthorized Cookie Access" vulnerability. | ||||
| CVE-2002-0269 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks. | ||||
| CVE-2000-0503 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows a remote attacker to violate the cross frame security policy via the NavigateComplete2 event. | ||||
| CVE-1999-1578 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, InvokeRegWizard) 3.0.0.0 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands. | ||||
| CVE-1999-1575 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation (imgedit.ocx), (3) Image Scan (imgscan.ocx), (4) Thumbnail Image (imgthumb.ocx), (5) Image Admin (imgadmin.ocx), (6) HHOpen (hhopen.ocx), (7) Registration Wizard (regwizc.dll), and (8) IE Active Setup (setupctl.dll) ActiveX controls for Internet Explorer (IE) 4.01 and 5.0 are marked as "Safe for Scripting," which allows remote attackers to create and modify files and execute arbitrary commands. | ||||
| CVE-2005-0918 | 2 Adobe, Microsoft | 2 Svg Viewer, Internet Explorer | 2025-04-03 | N/A |
| The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet Explorer, allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Javascript to determine if the web page immediately stops loading, which indicates whether the file exists or not. | ||||
| CVE-2002-0242 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| Cross-site scripting vulnerability in Internet Explorer 6 earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed. | ||||
| CVE-2002-0862 | 2 Apple, Microsoft | 10 Macos, Internet Explorer, Office and 7 more | 2025-04-03 | N/A |
| The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS. | ||||
| CVE-1999-1472 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| Internet Explorer 4.0 allows remote attackers to read arbitrary text and HTML files on the user's machine via a small IFRAME that uses Dynamic HTML (DHTML) to send the data to the attacker, aka the Freiburg text-viewing issue. | ||||
| CVE-1999-1446 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| Internet Explorer 3 records a history of all URL's that are visited by a user in DAT files located in the Temporary Internet Files and History folders, which are not cleared when the user selects the "Clear History" option, and are not visible when the user browses the folders because of tailored displays. | ||||
| CVE-2002-0189 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local HTML Resource" vulnerability. | ||||
| CVE-1999-1235 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| Internet Explorer 5.0 records the username and password for FTP servers in the URL history, which could allow (1) local users to read the information from another user's index.dat, or (2) people who are physically observing ("shoulder surfing") another user to read the information from the status bar when the user moves the mouse over a link. | ||||
| CVE-2002-1564 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| Internet Explorer 5.5 and 6.0 allows remote attackers to steal potentially sensitive information from cookies via a cookie that contains script which is executed when a page is loaded, aka the "Script within Cookies Reading Cookies" vulnerability. | ||||
| CVE-2002-0188 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the second variant of the "Content Disposition" vulnerability. | ||||
| CVE-2002-0647 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| Buffer overflow in a legacy ActiveX control used to display specially formatted text in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code, aka "Buffer Overrun in Legacy Text Formatting ActiveX Control". | ||||
| CVE-2002-0648 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file. | ||||
| CVE-2002-1186 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | N/A |
| Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure." | ||||
| CVE-1999-1110 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| Windows Media Player ActiveX object as used in Internet Explorer 5.0 returns a specific error code when a file does not exist, which allows remote malicious web sites to determine the existence of files on the client. | ||||
| CVE-2000-0160 | 1 Microsoft | 3 Ie, Internet Explorer, Outlook | 2025-04-03 | N/A |
| The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft. | ||||
| CVE-1999-1093 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| Buffer overflow in the Window.External function in the JScript Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows remote attackers to execute arbitrary commands via a malicious web page. | ||||