Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ie
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 202 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2004-12-31 | CVE-2004-1104 | Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty "href" attribute, and a FORM whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL. | Ie | N/A | ||
| 2004-12-31 | CVE-2004-0985 | Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a draggable file type such as .xml, .doc, .py, .cdf, .css, .pdf, or .ppt, and using ADODB.Connection and ADODB.recordset to write to a .hta file that is interpreted in the Local Zone by HTML Help. | Ie | N/A | ||
| 2004-09-16 | CVE-2004-0869 | Internet Explorer does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection." | Ie | N/A | ||
| 2004-11-03 | CVE-2004-0844 | Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Double Byte Character Set Systems Vulnerability." | Ie | N/A | ||
| 2004-07-07 | CVE-2004-0479 | Internet Explorer 6 allows remote attackers to cause a denial of service (crash) via Javascript that creates a new popup window and disables the imagetoolbar functionality with a META tag, which triggers a null dereference. | Ie | N/A | ||
| 2004-07-07 | CVE-2004-0475 | The showHelp function in Internet Explorer 6 on Windows XP Pro allows remote attackers to execute arbitrary local .CHM files via a double backward slash ("\\") before the target CHM file, as demonstrated using an "ms-its" URL to ntshared.chm. NOTE: this bug may overlap CVE-2003-1041. | Ie | N/A | ||
| 2003-12-31 | CVE-2003-1484 | Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) by creating a DHTML link that uses the AnchorClick "A" object with a blank href attribute. | Ie | N/A | ||
| 2002-04-22 | CVE-2002-0153 | Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the "Local Applescript Invocation" vulnerability. | Ie | N/A | ||
| 2002-04-22 | CVE-2002-0152 | Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh. | Entourage, Excel, Ie, Office, Outlook_express, Powerpoint | N/A | ||
| 2001-12-31 | CVE-2001-1489 | Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images. | Ie | N/A |