threat
engine
.sh
Back
·
··:··
Home
/
Product
/
microsoft ie
Product
microsoft ie
201 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2012-1545
all versions
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a deni
CVE-2010-5071
all versions
The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values containe
CVE-2002-2435
all versions
The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visit
CVE-2011-2383
all versions
Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted
CVE-2011-2382
all versions
Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actio
CVE-2010-2118
all versions
Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows remote attackers to cause a denial of service (resource consum
CVE-2010-1991
all versions
Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element
CVE-2009-2576
all versions
Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consump
CVE-2009-2433
all versions
Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of
CVE-2009-2069
all versions
Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a pr
CVE-2009-2057
all versions
Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2)
CVE-2009-0552
all versions
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 200
CVE-2009-0550
all versions
Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, an
CVE-2008-2281
all versions
Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assiste
CVE-2008-1085
all versions
Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbi
CVE-2008-0078
all versions
Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows rem
CVE-2008-0076
all versions
Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary c
CVE-2007-5347
all versions
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML
CVE-2007-5344
all versions
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascrip
CVE-2007-3903
all versions
Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in
CVE-2007-3902
all versions
Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows re
CVE-2007-4848
all versions
Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated i
CVE-2007-0943
all versions
Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascad
CVE-2007-3550
all versions
Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to fill Zones with arbitrary domains using certain metacharacters
CVE-2007-0944
all versions
Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6
CVE-2007-0942
all versions
Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server
CVE-2007-1765
all versions
Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a
CVE-2007-1499
all versions
Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute a
CVE-2006-7065
all versions
Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and
CVE-2007-1114
all versions
The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specifi
CVE-2007-1091
all versions
Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phi
CVE-2006-7030
all versions
Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via certain malformed H
CVE-2007-0219
all versions
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as
CVE-2007-0217
all versions
The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code v
CVE-2006-4697
all versions
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote at
CVE-2007-0811
all versions
Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of servi
CVE-2007-0612
all versions
Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Int
CVE-2007-0356
all versions
The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to caus
CVE-2007-0024
all versions
Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Win
CVE-2006-6659
all versions
The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of
CVE-2006-5578
<= 6
Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive info
CVE-2006-5577
<= 6
Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJE
CVE-2006-5913
all versions
Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid
CVE-2006-5884
all versions
Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unkno
CVE-2006-4687
all versions
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations invol
CVE-2006-5805
all versions
Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via
CVE-2006-5544
all versions
Visual truncation vulnerability in Microsoft Internet Explorer 7 allows remote attackers to spoof the address bar and possibly con
CVE-2006-4888
<= 6
Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-format
CVE-2006-4777
all versions
Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet
CVE-2006-3873
all versions
Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-0
CVE-2006-4560
all versions
Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser's sess
CVE-2006-4495
all versions
Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrar
CVE-2006-4446
all versions
Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows r
CVE-2006-4301
all versions
Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in mul
CVE-2006-3869
all versions
Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-0
CVE-2006-4219
all versions
The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute
CVE-2006-4193
all versions
Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly
CVE-2006-3643
all versions
Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HT
CVE-2006-3640
all versions
Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote atta
CVE-2006-3639
all versions
Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allow
CVE-2006-3638
all versions
Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause
CVE-2006-3637
all versions
Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-
CVE-2006-3451
all versions
Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collectio
CVE-2006-3450
all versions
Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript fu
CVE-2006-3944
all versions
Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListB
CVE-2006-3943
all versions
Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause
CVE-2006-3910
all versions
Internet Explorer 6 on Windows XP SP2, when Outlook is installed, allows remote attackers to cause a denial of service (crash) by
CVE-2006-3730
all versions
Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) a
8.8
HIGH
CVE-2006-3659
all versions
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the location or URL property
CVE-2006-3658
all versions
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by accessing the object references of a
CVE-2006-3657
all versions
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (stack overflow exception) via a DXImageTransfo
CVE-2006-3513
all versions
danim.dll in Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing t
CVE-2006-3510
all versions
The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause
CVE-2006-3472
all versions
Microsoft Internet Explorer 6.0 and 6.0 SP1 allows remote attackers to cause a denial of service via an HTML page with an A tag co
CVE-2006-3471
all versions
Microsoft Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) via a table with a frames
CVE-2006-3354
all versions
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an AD
CVE-2006-2385
all versions
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to e
CVE-2006-2378
all versions
Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlie
CVE-2006-1303
all versions
Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execu
CVE-2006-2900
all versions
Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of
CVE-2006-2766
all versions
Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6,
CVE-2006-2094
all versions
Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in
CVE-2006-1719
all versions
Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via any scrollbar Cascading Style She
CVE-2006-1192
all versions
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and oth
CVE-2006-1188
all versions
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain craf
CVE-2006-1186
all versions
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr
CVE-2006-1185
all versions
Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via cert
CVE-2006-1388
all versions
Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors.
CVE-2006-1359
all versions
Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary cod
CVE-2006-1245
all versions
Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers t
CVE-2006-0753
all versions
Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (m
CVE-2006-0704
all versions
iE Integrator 4.4.220114, when configured without a "bespoke error page" in acm.ini, allows remote attackers to obtain sensitive i
CVE-2006-0544
all versions
urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (applic
CVE-2006-0057
all versions
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX control
CVE-2005-4827
all versions
Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make req
CVE-2005-4717
all versions
Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003
CVE-2005-4679
all versions
Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the status bar via the title in an i
CVE-2005-3240
all versions
Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute cod
CVE-2005-4269
all versions
mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (acce
CVE-2005-2831
all versions
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly
CVE-2005-2830
all versions
Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in c
CVE-2005-2829
all versions
Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by
CVE-2005-4089
all versions
Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information
CVE-2005-2126
all versions
The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FT
CVE-2005-1990
all versions
Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute
CVE-2005-1989
all versions
Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute co
CVE-2005-1988
all versions
Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or a
CVE-2005-2308
all versions
The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service (CPU consumption or crash) an
CVE-2005-2087
all versions
Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote a
CVE-2005-1791
all versions
Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the
CVE-2005-0553
all versions
Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 all
CVE-2005-0500
all versions
Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to spoof the domain name of a URL in a titlebar for a script-initi
CVE-2005-0056
all versions
Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows
CVE-2005-0055
all versions
Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createCont
CVE-2005-0054
all versions
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code vi
CVE-2005-0053
all versions
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-D
CVE-2005-0110
all versions
Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning dialog and possibly trick an unk
CVE-2004-2434
all versions
Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser crash) via a link with "::{" (co
CVE-2004-2383
all versions
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keybo
CVE-2004-2291
all versions
Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses
CVE-2004-2219
all versions
Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that
CVE-2004-2179
all versions
asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (ha
CVE-2004-1166
all versions
CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary
CVE-2004-1155
all versions
Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into an
CVE-2004-1104
all versions
Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing att
CVE-2004-1050
all versions
Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME a
CVE-2004-0985
all versions
Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a
CVE-2004-0979
all versions
Internet Explorer on Windows XP does not properly modify the "Drag and Drop or copy and paste files" setting when the user sets it
CVE-2004-0867
all versions
Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.u
CVE-2004-0842
all versions
Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (applicat
CVE-2004-0841
all versions
Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method a
CVE-2004-0284
all versions
Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumpti
CVE-2004-1331
all versions
The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the "File Download - Security Warn
CVE-2004-0845
all versions
Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spo
CVE-2004-0844
all versions
Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof
CVE-2004-0843
all versions
Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address
CVE-2004-0216
all versions
Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbi
CVE-2004-0869
all versions
Internet Explorer does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channe
CVE-2004-0866
all versions
Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.u
CVE-2004-1686
all versions
Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript vi
CVE-2004-0839
all versions
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary progr
CVE-2004-0526
all versions
Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF ta
CVE-2004-0212
all versions
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local
CVE-2004-0719
all versions
Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame
CVE-2004-0479
all versions
Internet Explorer 6 allows remote attackers to cause a denial of service (crash) via Javascript that creates a new popup window an
CVE-2004-0475
all versions
The showHelp function in Internet Explorer 6 on Windows XP Pro allows remote attackers to execute arbitrary local .CHM files via a
CVE-2004-0420
all versions
The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows
CVE-2003-1041
all versions
Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack usin
CVE-2003-0513
all versions
Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e
CVE-2004-2090
all versions
Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScri
CVE-2003-0823
all versions
Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to oth
CVE-2003-0817
all versions
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML objec
CVE-2003-0816
all versions
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to
CVE-2003-0815
all versions
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying
CVE-2003-0814
all versions
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the wind
CVE-2003-1028
all versions
The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response w
CVE-2003-1027
all versions
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to ot
CVE-2003-1026
all versions
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-fr
CVE-2003-1559
all versions
Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests f
CVE-2003-1484
all versions
Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) by creating a DHTML link that use
CVE-2003-1105
all versions
Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser
CVE-2003-0838
all versions
Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup
CVE-2003-0809
all versions
Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which
CVE-2003-0701
all versions
Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote
CVE-2003-0532
all versions
Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could
CVE-2003-0531
all versions
Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using th
CVE-2003-0530
all versions
Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute
CVE-2003-0344
all versions
Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash)
CVE-2003-0233
all versions
Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code
CVE-2003-0116
all versions
Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs,
CVE-2003-0115
all versions
Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, whi
CVE-2003-0114
all versions
The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files fr
CVE-2003-0113
all versions
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code v
CVE-2003-1328
all versions
The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow
CVE-2003-1326
all versions
Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script
CVE-2002-2125
all versions
Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a ne
CVE-2002-1824
all versions
Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, d
CVE-2002-1714
all versions
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type "te
CVE-2002-1254
all versions
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the loca
CVE-2002-1186
all versions
Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which all
CVE-2002-1185
all versions
Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote a
CVE-2002-1142
all versions
Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6,
CVE-2002-0153
all versions
Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a speci
CVE-2002-0152
all versions
Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or ex
CVE-2001-1497
all versions
Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric cha
CVE-2001-1489
all versions
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web pag
CVE-2001-1218
all versions
Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X serve
CVE-2001-0665
<= 6
Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to
CVE-2000-1061
all versions
Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, whic
CVE-2000-0768
all versions
A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a
CVE-2000-0519
all versions
Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the
CVE-2000-0518
all versions
Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server vi
CVE-2000-0160
all versions
The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software compone
CVE-2000-0162
all versions
The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java ap
CVE-1999-0876
all versions
Buffer overflow in Internet Explorer 4.0 via EMBED tag.
CVE-2000-0028
all versions
Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.N
CVE-2000-0036
all versions
Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vuln
CVE-1999-0989
all versions
Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.ra
CVE-1999-0839
all versions
Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has be
CVE-2000-0329
all versions
A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script
CVE-1999-0827
all versions
By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allo
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin