Filtered by vendor Microsoft
Subscriptions
Filtered by product Ie
Subscriptions
Total
210 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2004-0842 | 2 Avaya, Microsoft | 7 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 4 more | 2025-04-03 | N/A |
Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability." | ||||
CVE-2004-0845 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | N/A |
Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site. | ||||
CVE-2004-1198 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | N/A |
Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays. | ||||
CVE-2004-1527 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | N/A |
Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, which allows remote attackers to hijack web sessions. | ||||
CVE-2004-1686 | 1 Microsoft | 1 Ie | 2025-04-03 | N/A |
Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the DesignScience MathPlayer ActiveX plugin. | ||||
CVE-2004-2090 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | N/A |
Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist. | ||||
CVE-2004-2179 | 1 Microsoft | 2 Frontpage, Ie | 2025-04-03 | N/A |
asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values. | ||||
CVE-2005-2308 | 1 Microsoft | 1 Ie | 2025-04-03 | N/A |
The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via certain crafted JPEG images, as demonstrated using (1) mov_fencepost.jpg, (2) cmp_fencepost.jpg, (3) oom_dos.jpg, or (4) random.jpg. | ||||
CVE-2005-4269 | 1 Microsoft | 3 Ie, Windows 2003 Server, Windows Xp | 2025-04-03 | N/A |
mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE. | ||||
CVE-2005-4717 | 1 Microsoft | 6 Ie, Internet Explorer, Windows 2000 and 3 more | 2025-04-03 | N/A |
Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar. | ||||
CVE-2005-4827 | 2 Canon, Microsoft | 3 Network Camera Server Vb101, Ie, Internet Explorer | 2025-04-03 | N/A |
Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks. | ||||
CVE-2006-1185 | 2 Canon, Microsoft | 3 Network Camera Server Vb101, Ie, Internet Explorer | 2025-04-03 | N/A |
Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption. | ||||
CVE-2006-3451 | 1 Microsoft | 1 Ie | 2025-04-03 | N/A |
Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
CVE-2006-3471 | 1 Microsoft | 1 Ie | 2025-04-03 | N/A |
Microsoft Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) via a table with a frameset as a child, which triggers a null dereference, as demonstrated using the appendChild method. | ||||
CVE-2006-3640 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | N/A |
Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability." | ||||
CVE-2006-3659 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | N/A |
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the location or URL property of a MHTMLFile ActiveX object. | ||||
CVE-2006-3869 | 1 Microsoft | 1 Ie | 2025-04-03 | N/A |
Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression. | ||||
CVE-2005-2087 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | N/A |
Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem. | ||||
CVE-2003-0513 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | N/A |
Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. | ||||
CVE-2003-0530 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | N/A |
Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute arbitrary code. |