Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Filtered by product Internet Explorer
Total 1742 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2002-0101 1 Microsoft 1 Internet Explorer 2025-04-03 5.0 MEDIUM N/A
Microsoft Internet Explorer 6.0 and earlier allows local users to cause a denial of service via an infinite loop for modeless dialogs showModelessDialog, which causes CPU usage while the focus for the dialog is not released.
CVE-2006-1626 1 Microsoft 2 Internet Explorer, Windows Xp 2025-04-03 4.3 MEDIUM N/A
Internet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: this is a different vulnerability than CVE-2006-1192.
CVE-2005-0053 1 Microsoft 8 Ie, Internet Explorer, Windows 2000 and 5 more 2025-04-03 7.5 HIGH N/A
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."
CVE-2001-0723 1 Microsoft 1 Internet Explorer 2025-04-03 6.4 MEDIUM N/A
Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript, aka the "Second Cookie Handling Vulnerability."
CVE-2006-3200 1 Microsoft 1 Internet Explorer 2025-04-03 5.0 MEDIUM N/A
Unspecified versions of Internet Explorer allow remote attackers to cause a denial of service (crash) via an IFRAME with a src tag containing a "File://" URI followed by an 8-bit character. NOTE: some third parties were unable to verify this issue.
CVE-2002-1262 1 Microsoft 1 Internet Explorer 2025-04-03 7.5 HIGH N/A
Internet Explorer 5.5 and 6.0 does not perform complete security checks on external caching, which allows remote attackers to read arbitrary files.
CVE-2002-0269 1 Microsoft 1 Internet Explorer 2025-04-03 7.5 HIGH N/A
Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks.
CVE-1999-0537 2 Microsoft, Netscape 2 Internet Explorer, Communicator 2025-04-03 7.5 HIGH N/A
A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc.
CVE-2002-1188 1 Microsoft 1 Internet Explorer 2025-04-03 6.4 MEDIUM N/A
Internet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security checks, aka "Temporary Internet Files folders Name Reading."
CVE-2006-3591 1 Microsoft 1 Internet Explorer 2025-04-03 5.0 MEDIUM N/A
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the URL property of a TriEditDocument.TriEditDocument object before it has been initialized, which triggers a NULL pointer dereference.
CVE-1999-0877 1 Microsoft 1 Internet Explorer 2025-04-03 4.3 MEDIUM N/A
Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME.
CVE-2005-0555 1 Microsoft 1 Internet Explorer 2025-04-03 7.5 HIGH N/A
Buffer overflow in the Content Advisor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a crafted Content Advisor file, aka "Content Advisor Memory Corruption Vulnerability."
CVE-2003-1328 1 Microsoft 2 Ie, Internet Explorer 2025-04-03 7.5 HIGH N/A
The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality."
CVE-2002-1688 1 Microsoft 1 Internet Explorer 2025-04-03 5.0 MEDIUM N/A
The browser history feature in Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to execute arbitrary script as other users and steal authentication information via cookies by injecting JavaScript into the URL, which is executed when the user hits the Back button.
CVE-1999-1367 1 Microsoft 1 Internet Explorer 2025-04-03 4.6 MEDIUM N/A
Internet Explorer 5.0 does not properly reset the username/password cache for Web sites that do not use standard cache controls, which could allow users on the same system to access restricted web sites that were visited by other users.
CVE-2003-0447 1 Microsoft 1 Internet Explorer 2025-04-03 5.1 MEDIUM N/A
The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute script in the Local Zone via an argument to shdocvw.dll that causes a "javascript:" link to be generated.
CVE-2001-0919 1 Microsoft 1 Internet Explorer 2025-04-03 5.1 MEDIUM N/A
Internet Explorer 5.50.4134.0100 on Windows ME with "Prompt to allow cookies to be stored on your machine" enabled does not warn a user when a cookie is set using Javascript.
CVE-2001-0339 1 Microsoft 1 Internet Explorer 2025-04-03 7.5 HIGH N/A
Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the "Web page spoofing vulnerability."
CVE-1999-0917 1 Microsoft 1 Internet Explorer 2025-04-03 5.1 MEDIUM N/A
The Preloader ActiveX control used by Internet Explorer allows remote attackers to read arbitrary files.
CVE-2006-0057 1 Microsoft 2 Ie, Internet Explorer 2025-04-03 7.5 HIGH N/A
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054.