Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Filtered by product Ie
Total 203 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-1719 1 Microsoft 1 Ie 2025-04-03 5.0 MEDIUM N/A
Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via any scrollbar Cascading Style Sheets (CSS) property.
CVE-2003-1559 1 Microsoft 2 Ie, Internet Explorer 2025-04-03 5.0 MEDIUM N/A
Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
CVE-2003-0531 1 Microsoft 2 Ie, Internet Explorer 2025-04-03 7.5 HIGH N/A
Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the "Browser Cache Script Execution in My Computer Zone" vulnerability.
CVE-2004-2291 1 Microsoft 2 Ie, Internet Explorer 2025-04-03 7.5 HIGH N/A
Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script.
CVE-2002-1824 1 Microsoft 2 Ie, Internet Explorer 2025-04-03 5.0 MEDIUM N/A
Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability.
CVE-2002-1142 1 Microsoft 3 Data Access Components, Ie, Internet Explorer 2025-04-03 7.5 HIGH N/A
Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
CVE-2003-0115 1 Microsoft 2 Ie, Internet Explorer 2025-04-03 7.5 HIGH N/A
Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, which could allow remote attackers to execute arbitrary web script, aka the "Third Party Plugin Rendering" vulnerability, a different vulnerability than CVE-2003-0233.
CVE-1999-0876 1 Microsoft 2 Ie, Internet Explorer 2025-04-03 10.0 HIGH N/A
Buffer overflow in Internet Explorer 4.0 via EMBED tag.
CVE-2004-0841 2 Avaya, Microsoft 7 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 4 more 2025-04-03 5.0 MEDIUM N/A
Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."
CVE-2004-0526 1 Microsoft 4 Ie, Internet Explorer, Outlook and 1 more 2025-04-03 5.0 MEDIUM N/A
Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.
CVE-2005-2087 1 Microsoft 2 Ie, Internet Explorer 2025-04-03 5.0 MEDIUM N/A
Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.
CVE-2001-1489 1 Microsoft 1 Ie 2025-04-03 5.0 MEDIUM N/A
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
CVE-2003-1105 1 Microsoft 2 Ie, Internet Explorer 2025-04-03 2.6 LOW N/A
Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered.
CVE-2006-1303 1 Microsoft 2 Ie, Internet Explorer 2025-04-03 9.3 HIGH N/A
Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection.
CVE-2000-0162 1 Microsoft 3 Ie, Internet Explorer, Visual Studio 2025-04-03 5.1 MEDIUM N/A
The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability.
CVE-2004-0985 1 Microsoft 1 Ie 2025-04-03 10.0 HIGH N/A
Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a draggable file type such as .xml, .doc, .py, .cdf, .css, .pdf, or .ppt, and using ADODB.Connection and ADODB.recordset to write to a .hta file that is interpreted in the Local Zone by HTML Help.
CVE-2006-2094 1 Microsoft 2 Ie, Internet Explorer 2025-04-03 5.1 MEDIUM N/A
Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.
CVE-2006-3659 1 Microsoft 2 Ie, Internet Explorer 2025-04-03 5.0 MEDIUM N/A
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the location or URL property of a MHTMLFile ActiveX object.
CVE-2006-1245 1 Microsoft 1 Ie 2025-04-03 7.5 HIGH N/A
Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability."
CVE-2004-0479 1 Microsoft 1 Ie 2025-04-03 5.0 MEDIUM N/A
Internet Explorer 6 allows remote attackers to cause a denial of service (crash) via Javascript that creates a new popup window and disables the imagetoolbar functionality with a META tag, which triggers a null dereference.