Product:

Internet_explorer

(Microsoft)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 1640
Date Id Summary Products Score Patch Annotated
2004-12-31 CVE-2004-2219 Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake. Ie, Internet_explorer N/A
2004-12-31 CVE-2004-2011 msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to cause a denial of service (crash) via a single & (ampersand) in a <Ref href> link, which triggers a parsing error, possibly due to missing portions of the URI. Internet_explorer N/A
2004-12-31 CVE-2004-1527 Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, which allows remote attackers to hijack web sessions. Ie, Internet_explorer N/A
2004-12-31 CVE-2004-1416 pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as used in Internet Explorer, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embed tag. Internet_explorer, Realone_player N/A
2004-12-31 CVE-2004-1198 Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays. Ie, Internet_explorer N/A
2004-12-31 CVE-2004-1173 Internet Explorer 6 allows remote attackers to bypass the popup blocker via the document object model (DOM) methods in the DHTML Dynamic HTML (DHTML) Editing Component (DEC) and Javascript that calls showModalDialog. Internet_explorer N/A
2004-12-31 CVE-2004-1166 CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command. Ie, Internet_explorer N/A
2004-12-31 CVE-2004-1155 Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable. Ie, Internet_explorer N/A
2005-05-02 CVE-2005-0053 Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability." Ie, Internet_explorer, Windows_2000, Windows_2003_server, Windows_98, Windows_98se, Windows_me, Windows_xp N/A
2005-07-05 CVE-2005-2087 Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem. Ie, Internet_explorer N/A