Filtered by vendor Microsoft
Subscriptions
Filtered by product Internet Explorer
Subscriptions
Total
1743 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2000-0266 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malicious applet that interacts with the Java JSObject to modify the DOM properties to set the IFRAME to an arbitrary Javascript URL. | ||||
| CVE-2000-0201 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be executed from the local host, which allows remote attackers to execute arbitrary commands via Microsoft Networking. | ||||
| CVE-2000-0162 | 1 Microsoft | 3 Ie, Internet Explorer, Visual Studio | 2025-04-03 | N/A |
| The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability. | ||||
| CVE-2000-0160 | 1 Microsoft | 3 Ie, Internet Explorer, Outlook | 2025-04-03 | N/A |
| The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft. | ||||
| CVE-2000-0156 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| Internet Explorer 4.x and 5.x allows remote web servers to access files on the client that are outside of its security domain, aka the "Image Source Redirect" vulnerability. | ||||
| CVE-2000-0061 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document has been loaded, which could allow remote attackers to execute Javascript in a different security context while the document is loading. | ||||
| CVE-2000-0028 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | N/A |
| Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function. | ||||
| CVE-1999-1578 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, InvokeRegWizard) 3.0.0.0 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands. | ||||
| CVE-2003-0309 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause Internet Explorer to execute the program, as demonstrated using a large number of FRAME or IFRAME tags, aka the "File Download Dialog Vulnerability." | ||||
| CVE-2006-2094 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | N/A |
| Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control. | ||||
| CVE-2003-0814 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | N/A |
| Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability. | ||||
| CVE-2004-2476 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (infinite loop and crash) via an IFRAME with "?" as the file source. | ||||
| CVE-1999-1577 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands via long arguments to the OpenHelp method. | ||||
| CVE-1999-1575 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation (imgedit.ocx), (3) Image Scan (imgscan.ocx), (4) Thumbnail Image (imgthumb.ocx), (5) Image Admin (imgadmin.ocx), (6) HHOpen (hhopen.ocx), (7) Registration Wizard (regwizc.dll), and (8) IE Active Setup (setupctl.dll) ActiveX controls for Internet Explorer (IE) 4.01 and 5.0 are marked as "Safe for Scripting," which allows remote attackers to create and modify files and execute arbitrary commands. | ||||
| CVE-1999-0331 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| Buffer overflow in Internet Explorer 4.0(1). | ||||
| CVE-1999-1473 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| When a Web site redirects the browser to another site, Internet Explorer 3.02 and 4.0 automatically resends authentication information to the second site, aka the "Page Redirect Issue." | ||||
| CVE-1999-1472 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| Internet Explorer 4.0 allows remote attackers to read arbitrary text and HTML files on the user's machine via a small IFRAME that uses Dynamic HTML (DHTML) to send the data to the attacker, aka the Freiburg text-viewing issue. | ||||
| CVE-1999-1453 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| Internet Explorer 4 allows remote attackers (malicious web site operators) to read the contents of the clipboard via the Internet WebBrowser ActiveX object. | ||||
| CVE-1999-1447 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| Internet Explorer 4.0 allows remote attackers to cause a denial of service (crash) via HTML code that contains a long CLASSID parameter in an OBJECT tag. | ||||
| CVE-1999-1446 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| Internet Explorer 3 records a history of all URL's that are visited by a user in DAT files located in the Temporary Internet Files and History folders, which are not cleared when the user selects the "Clear History" option, and are not visible when the user browses the folders because of tailored displays. | ||||