Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Filtered by product Internet Explorer
Total 1742 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2001-0724 1 Microsoft 1 Internet Explorer 2025-04-03 7.5 HIGH N/A
Internet Explorer 5.5 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing Vulnerability variant" of CVE-2001-0664.
CVE-2006-1189 1 Microsoft 1 Internet Explorer 2025-04-03 10.0 HIGH N/A
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via a crafted URL with an International Domain Name (IDN) using double-byte character sets (DBCS), aka the "Double Byte Character Parsing Memory Corruption Vulnerability."
CVE-2002-1254 1 Microsoft 2 Ie, Internet Explorer 2025-04-03 7.5 HIGH N/A
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."
CVE-2004-2704 2 Hastymail, Microsoft 2 Hastymail, Internet Explorer 2025-04-03 4.3 MEDIUM N/A
Hastymail 1.0.1 and earlier (stable) and 1.1 and earlier (development) does not send the "attachment" parameter in the Content-Disposition field for attachments, which causes the attachment to be rendered inline by Internet Explorer when the victim clicks the download link, which facilitates cross-site scripting (XSS) and possibly other attacks.
CVE-1999-0891 1 Microsoft 1 Internet Explorer 2025-04-03 5.0 MEDIUM N/A
The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect.
CVE-2002-1670 1 Microsoft 2 Internet Explorer, Windows Xp 2025-04-03 4.6 MEDIUM N/A
Microsoft Windows XP Professional upgrade edition overwrites previously installed patches for Internet Explorer 6.0, leaving Internet Explorer unpatched.
CVE-1999-0354 1 Microsoft 2 Internet Explorer, Word 2025-04-03 7.5 HIGH N/A
Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains executable content. Also applies to Outlook when the client views a malicious email message.
CVE-1999-0869 2 Microsoft, Netscape 2 Internet Explorer, Navigator 2025-04-03 2.6 LOW N/A
Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.
CVE-2004-2307 1 Microsoft 2 Internet Explorer, Windows Xp 2025-04-03 5.0 MEDIUM N/A
Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote attackers to cause a denial of service (browser crash) via a shell: URI with double backslashes (\\) in an HTML tag such as IFRAME or A.
CVE-2000-0400 1 Microsoft 1 Internet Explorer 2025-04-03 7.5 HIGH N/A
The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does not restrict which file types can be downloaded, which allows an attacker to download any type of file to a user's system by encoding it within an email message or news post.
CVE-2003-1048 1 Microsoft 8 Internet Explorer, Outlook, Windows 98 and 5 more 2025-04-03 10.0 HIGH 7.8 HIGH
Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.
CVE-2001-0643 1 Microsoft 1 Internet Explorer 2025-04-03 5.0 MEDIUM N/A
Internet Explorer 5.5 does not display the Class ID (CLSID) when it is at the end of the file name, which could allow attackers to trick the user into executing dangerous programs by making it appear that the document is of a safe file type.
CVE-2002-1824 1 Microsoft 2 Ie, Internet Explorer 2025-04-03 5.0 MEDIUM N/A
Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability.
CVE-2002-0815 3 Microsoft, Mozilla, Netscape 3 Internet Explorer, Mozilla, Navigator 2025-04-03 7.5 HIGH N/A
The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.
CVE-1999-0871 1 Microsoft 1 Internet Explorer 2025-04-03 2.6 LOW N/A
Internet Explorer 4.0 and 4.01 allow a remote attacker to read files via IE's cross frame security, aka the "Cross Frame Navigate" vulnerability.
CVE-2005-4843 1 Microsoft 1 Internet Explorer 2025-04-03 7.8 HIGH N/A
The SmartConnect Class control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.
CVE-2003-0114 1 Microsoft 2 Ie, Internet Explorer 2025-04-03 5.0 MEDIUM N/A
The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files.
CVE-2004-0839 3 Avaya, Microsoft, Nortel 18 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 15 more 2025-04-03 5.0 MEDIUM N/A
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
CVE-2006-3897 1 Microsoft 2 Internet Explorer, Windows 2000 2025-04-03 5.0 MEDIUM N/A
Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property.
CVE-2006-3915 1 Microsoft 2 Internet Explorer, Windows Xp 2025-04-03 5.0 MEDIUM N/A
Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by iterating over any native function, as demonstrated with the window.alert function, which triggers a null dereference.