CVE Daily
← All tags

Tag: Internet Explorer

All CVEs associated with "Internet Explorer". Page 17/17 • 2029 CVEs.

Subscribe CVEs: RSS for “Internet Explorer”  ·  RSS (High+Critical only)

About “Internet Explorer”

A curated feed of “Internet Explorer”-related CVEs appears below. We currently track 2029 CVEs for this tag (all time). In the last 365 days, 5 were published. Average CVSS is 7.3 (all time; 8.1 over 365d), and 64% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-94 - Improper Control of Generation of Code ('Code Injection'), CWE-787 - Out-of-bounds Write, CWE-319 - Cleartext Transmission of Sensitive Information.

In our taxonomy this topic maps to a LOW impact class. Browsers are high value endpoints. Force auto updates, enforce enterprise policies, limit risky extensions, and enable site isolation or sandboxing. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2001-12-06
Low

CVE-2001-0807

Internet Explorer 5.0, and possibly other versions, may allow remote attackers (malicious web pages) to read known text files from a client's hard drive via a SCRIPT tag with a SRC value that points…

CVSS: 2.6 CWE: N/A View on NVD
2001-11-26
High

CVE-2001-0875

Internet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that th…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2001-0919

Internet Explorer 5.50.4134.0100 on Windows ME with "Prompt to allow cookies to be stored on your machine" enabled does not warn a user when a cookie is set using Javascript.

CVSS: 5.1 CWE: N/A View on NVD
2001-11-20
Medium

CVE-2001-0904

Internet Explorer 5.5 and 6 with the Q312461 (MS01-055) patch modifies the HTTP_USER_AGENT (UserAgent) information that indicates that the patch has been installed, which could allow remote malicious…

CVSS: 5.0 CWE: N/A View on NVD
2001-11-14
Medium

CVE-2001-0723

Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript, aka the "Second Cookie Handling Vulnerability."

CVSS: 6.4 CWE: N/A View on NVD
High

CVE-2001-0724

Internet Explorer 5.5 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet…

CVSS: 7.5 CWE: N/A View on NVD
2001-10-30
High

CVE-2001-0664

Internet Explorer 5.5 and 5.01 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2001-0665

Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2001-0667

Internet Explorer 6 and earlier, when used with the Telnet client in Services for Unix (SFU) 2.0, allows remote attackers to execute commands by spawning Telnet with a log file option on the command…

CVSS: 7.3 CWE: CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') View on NVD
High

CVE-2001-0712

The rendering engine in Internet Explorer determines the MIME type independently of the type that is specified by the server, which allows remote servers to automatically execute script which is plac…

CVSS: 7.5 CWE: N/A View on NVD
2001-09-20
Medium

CVE-2001-0643

Internet Explorer 5.5 does not display the Class ID (CLSID) when it is at the end of the file name, which could allow attackers to trick the user into executing dangerous programs by making it appear…

CVSS: 5.0 CWE: N/A View on NVD
2001-08-17
Medium

CVE-2001-1305

ICQ 2001a Alpha and earlier allows remote attackers to automatically add arbitrary UINs to an ICQ user's contact list via a URL to a web page with a Content-Type of application/x-icq, which is proces…

CVSS: 5.0 CWE: N/A View on NVD
2001-07-21
High

CVE-2001-0002

Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files t…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2001-0340

An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a me…

CVSS: 7.5 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
2001-06-27
Medium

CVE-2001-0243

Windows Media Player 7 and earlier stores Internet shortcuts in a user's Temporary Files folder with a fixed filename instead of in the Internet Explorer cache, which causes the HTML in those shortcu…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2001-0246

Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending informa…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2001-0332

Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending informa…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2001-0338

Internet Explorer 5.5 and earlier does not properly validate digital certificates when Certificate Revocation List (CRL) checking is enabled, which could allow remote attackers to spoof trusted web s…

CVSS: 5.1 CWE: N/A View on NVD
High

CVE-2001-0339

Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing…

CVSS: 7.5 CWE: N/A View on NVD
2001-06-02
High

CVE-2001-0148

The WMP ActiveX Control in Windows Media Player 7 allows remote attackers to execute commands in Internet Explorer via javascript URLs, a variant of the "Frame Domain Verification" vulnerability.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2001-0149

Windows Scripting Host in Internet Explorer 5.5 and earlier allows remote attackers to read arbitrary files via the GetObject Javascript function and the htmlfile ActiveX object.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2001-0150

Internet Explorer 5.5 and earlier executes Telnet sessions using command line arguments that are specified by the web site, which could allow remote attackers to execute arbitrary commands if the IE…

CVSS: 5.1 CWE: CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') View on NVD
Medium

CVE-2001-0322

MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (application crash) via a script that creates and deletes an object that is a…

CVSS: 5.0 CWE: N/A View on NVD
2001-05-11
Low

CVE-2001-1450

Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause a denial of service (browser crash) via a crafted FTP URL such as "/.#./".

CVSS: 2.6 CWE: N/A View on NVD
2001-05-03
High

CVE-2001-0154

HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly.

CVSS: 7.5 CWE: N/A View on NVD
2001-04-20
High

CVE-2001-1325

Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets (XSL) that are…

CVSS: 7.5 CWE: N/A View on NVD
2001-03-12
Medium

CVE-2001-0137

Windows Media Player 7 allows remote attackers to execute malicious Java applets in Internet Explorer clients by enclosing the applet in a skin file named skin.wmz, then referencing that skin in the…

CVSS: 5.1 CWE: N/A View on NVD
2001-02-16
Low

CVE-2001-0089

Internet Explorer 5.0 through 5.5 allows remote attackers to read arbitrary files from the client via the INPUT TYPE element in an HTML form, aka the "File Upload via Form" vulnerability.

CVSS: 2.6 CWE: N/A View on NVD
Medium

CVE-2001-0090

The Print Templates feature in Internet Explorer 5.5 executes arbitrary custom print templates without prompting the user, which could allow an attacker to execute arbitrary ActiveX controls, aka the…

CVSS: 5.1 CWE: N/A View on NVD
Low

CVE-2001-0091

The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 through 5.5 renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka a variant of the…

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2001-0092

A function in Internet Explorer 5.0 through 5.5 does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a new variant of the "…

CVSS: 2.6 CWE: N/A View on NVD
2001-02-12
Medium

CVE-2001-0003

Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtai…

CVSS: 5.0 CWE: N/A View on NVD
2000-12-19
High

CVE-2000-0982

Internet Explorer before 5.5 forwards cached user credentials for a secure web site to insecure pages on the same web site, which could allow remote attackers to obtain the credentials by monitoring…

CVSS: 7.5 CWE: N/A View on NVD
2000-12-11
Medium

CVE-2000-1061

Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security set…

CVSS: 5.1 CWE: N/A View on NVD
2000-10-20
Low

CVE-2000-0767

The ActiveX control for invoking a scriptlet in Internet Explorer 4.x and 5.x renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka the "Scriptlet Render…

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2000-0768

A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Do…

CVSS: 2.6 CWE: N/A View on NVD
Medium

CVE-2000-0790

The web-based folder display capability in Microsoft Internet Explorer 5.5 on Windows 98 allows local users to insert Trojan horse programs by modifying the Folder.htt file and using the InvokeVerb m…

CVSS: 4.6 CWE: N/A View on NVD
Low

CVE-2000-0802

The BAIR program does not properly restrict access to the Internet Explorer Internet options menu, which allows local users to obtain access to the menu by modifying the registry key that starts BAIR.

CVSS: 3.6 CWE: N/A View on NVD
2000-07-14
Medium

CVE-2000-0662

Internet Explorer 5.x and Microsoft Outlook allows remote attackers to read arbitrary files by redirecting the contents of an IFRAME using the DHTML Edit Control (DHTMLED).

CVSS: 5.0 CWE: N/A View on NVD
2000-06-27
High

CVE-2000-0596

Internet Explorer 5.x does not warn a user before opening a Microsoft Access database file that is referenced within ActiveX OBJECT tags in an HTML document, which could allow remote attackers to exe…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2000-0597

Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitr…

CVSS: 7.5 CWE: N/A View on NVD
2000-06-06
Low

CVE-2000-0503

The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows a remote attacker to violate the cross frame security policy via the NavigateComplete2 event.

CVSS: 2.6 CWE: N/A View on NVD
2000-06-05
Low

CVE-2000-0518

Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Vali…

CVSS: 2.6 CWE: N/A View on NVD
Low

CVE-2000-0519

Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two…

CVSS: 2.6 CWE: N/A View on NVD
2000-05-17
High

CVE-2000-0464

Internet Explorer 4.x and 5.x allows remote attackers to execute arbitrary commands via a buffer overflow in the ActiveX parameter parsing capability, aka the "Malformed Component Attribute" vulnerab…

CVSS: 7.6 CWE: N/A View on NVD
Medium

CVE-2000-0465

Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files via the frame, aka the "Frame Domain Verific…

CVSS: 5.1 CWE: N/A View on NVD
2000-05-13
High

CVE-2000-0400

The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does not restrict which file types can be downloaded, which allows an attacker to download any type of file to a user's system by enc…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
2000-05-11
Low

CVE-2000-0439

Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the "Unauthorized Cookie Acce…

CVSS: 2.6 CWE: N/A View on NVD
2000-04-18
Low

CVE-2000-0266

Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malicious applet that interacts with the Java JSObject to modify the DOM properties to set the IFRAME to…

CVSS: 2.6 CWE: N/A View on NVD
2000-03-01
Medium

CVE-2000-0201

The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be executed from the local host, which allows remote attackers to execute arbitrary commands via Micr…

CVSS: 5.1 CWE: N/A View on NVD
2000-02-21
High

CVE-2000-0160

The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufac…

CVSS: 7.6 CWE: N/A View on NVD
2000-02-18
Medium

CVE-2000-0162

The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnera…

CVSS: 5.1 CWE: N/A View on NVD
2000-02-16
Medium

CVE-2000-0156

Internet Explorer 4.x and 5.x allows remote web servers to access files on the client that are outside of its security domain, aka the "Image Source Redirect" vulnerability.

CVSS: 5.1 CWE: N/A View on NVD
2000-02-01
Medium

CVE-2000-0105

Outlook Express 5.01 and Internet Explorer 5.01 allow remote attackers to view a user's email messages via a script that accesses a variable that references subsequent email messages that are read by…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2000-1205

Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode i…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2000-01-07
Critical

CVE-2000-0061

Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document has been loaded, which could allow remote attackers to execute Javascr…

CVSS: 10.0 CWE: N/A View on NVD
2000-01-04
Critical

CVE-1999-0876

Buffer overflow in Internet Explorer 4.0 via EMBED tag.

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
1999-12-31
High

CVE-1999-1087

Internet Explorer 4 treats a 32-bit number ("dotless IP address") in the a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web pag…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-1999-1093

Buffer overflow in the Window.External function in the JScript Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows remote attackers to execute arbitrary commands via a malicious web pag…

CVSS: 5.1 CWE: N/A View on NVD
High

CVE-1999-1094

Buffer overflow in Internet Explorer 4.01 and earlier allows remote attackers to execute arbitrary commands via a long URL with the "mk:" protocol, aka the "MK Overrun security issue."

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-1999-1472

Internet Explorer 4.0 allows remote attackers to read arbitrary text and HTML files on the user's machine via a small IFRAME that uses Dynamic HTML (DHTML) to send the data to the attacker, aka the F…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-1999-1473

When a Web site redirects the browser to another site, Internet Explorer 3.02 and 4.0 automatically resends authentication information to the second site, aka the "Page Redirect Issue."

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-1999-1474

PowerPoint 95 and 97 allows remote attackers to cause an application to be run automatically without prompting the user, possibly through the slide show, when the document is opened in browsers such…

CVSS: 7.5 CWE: N/A View on NVD
1999-12-23
Low

CVE-2000-0028

Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function.

CVSS: 2.6 CWE: N/A View on NVD
1999-12-08
Medium

CVE-1999-0981

Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Refere…

CVSS: 5.1 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
1999-12-06
High

CVE-1999-0989

Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol.

CVSS: 7.5 CWE: N/A View on NVD
1999-12-02
Medium

CVE-1999-0858

Internet Explorer 5 allows a remote attacker to modify the IE client's proxy configuration via a malicious Web Proxy Auto-Discovery (WPAD) server.

CVSS: 5.0 CWE: CWE-16 View on NVD
1999-11-29
High

CVE-1999-0839

Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled.

CVSS: 7.2 CWE: CWE-264 View on NVD
1999-11-17
Low

CVE-1999-0793

Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet.

CVSS: 2.6 CWE: N/A View on NVD
1999-11-14
Medium

CVE-1999-1110

Windows Media Player ActiveX object as used in Internet Explorer 5.0 returns a specific error code when a file does not exist, which allows remote malicious web sites to determine the existence of fi…

CVSS: 5.0 CWE: N/A View on NVD
1999-11-01
High

CVE-1999-0354

Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains exe…

CVSS: 7.5 CWE: N/A View on NVD
Low

CVE-1999-0827

By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.

CVSS: 2.6 CWE: N/A View on NVD
1999-10-31
Medium

CVE-1999-1577

Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands via long arguments to the OpenHelp method.

CVSS: 5.1 CWE: N/A View on NVD
1999-10-01
Medium

CVE-1999-0877

Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME.

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
1999-09-24
Medium

CVE-1999-1578

Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, InvokeRegWizard) 3.0.0.0 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands.

CVSS: 5.1 CWE: N/A View on NVD
1999-09-10
Critical

CVE-1999-0702

Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability.

CVSS: 10.0 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Medium

CVE-1999-1575

The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation (imgedit.ocx), (3) Image Scan (imgscan.ocx), (4) Thumbnail Image (imgthumb.ocx), (5) Image Admin (imgadmin.ocx), (6) HHOpen (hhopen.o…

CVSS: 5.1 CWE: N/A View on NVD
1999-09-01
Medium

CVE-1999-0669

The Eyedog ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.

CVSS: 4.0 CWE: N/A View on NVD
Medium

CVE-1999-0891

The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect.

CVSS: 5.0 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
1999-08-27
Medium

CVE-1999-1016

Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to caus…

CVSS: 5.0 CWE: N/A View on NVD
1999-08-25
Medium

CVE-1999-1235

Internet Explorer 5.0 records the username and password for FTP servers in the URL history, which could allow (1) local users to read the information from another user's index.dat, or (2) people who…

CVSS: 4.6 CWE: N/A View on NVD
1999-08-21
Medium

CVE-1999-0668

The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.

CVSS: 5.1 CWE: N/A View on NVD
1999-06-03
Low

CVE-1999-1400

The Economist screen saver 1999 with the "Password Protected" option enabled allows users with physical access to the machine to bypass the screen saver and read files by running Internet Explorer wh…

CVSS: 2.1 CWE: N/A View on NVD
1999-05-27
High

CVE-1999-0802

Buffer overflow in Internet Explorer 5 allows remote attackers to execute commands via a malformed Favorites icon.

CVSS: 7.6 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-1999-0917

The Preloader ActiveX control used by Internet Explorer allows remote attackers to read arbitrary files.

CVSS: 5.1 CWE: N/A View on NVD
1999-05-17
Critical

CVE-1999-0489

MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013.

CVSS: 10.0 CWE: N/A View on NVD
1999-05-06
Critical

CVE-1999-1241

Internet Explorer, with a security setting below Medium, allows remote attackers to execute arbitrary commands via a malicious web page that uses the FileSystemObject ActiveX object.

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-1999-1367

Internet Explorer 5.0 does not properly reset the username/password cache for Web sites that do not use standard cache controls, which could allow users on the same system to access restricted web si…

CVSS: 4.6 CWE: N/A View on NVD
1999-05-01
Low

CVE-1999-0487

The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files.

CVSS: 2.6 CWE: N/A View on NVD
1999-04-21
High

CVE-1999-0488

Internet Explorer 4.0 and 5.0 allows a remote attacker to execute security scripts in a different security context using malicious URLs, a variant of the "cross frame" vulnerability.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-1999-0490

MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn information about a local user's files via an IMG SRC tag.

CVSS: 7.5 CWE: N/A View on NVD
1999-04-09
High

CVE-1999-0468

Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component.

CVSS: 8.2 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
1999-04-01
Medium

CVE-1999-0469

Internet Explorer 5.0 allows window spoofing, allowing a remote attacker to spoof a legitimate web site and capture information from the client.

CVSS: 5.0 CWE: N/A View on NVD
1999-03-23
High

CVE-1999-1370

The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) the screen saver, which could leave the system open to users with physical access if a failure occurs during an unattended insta…

CVSS: 7.2 CWE: N/A View on NVD
1999-02-02
Low

CVE-1999-1453

Internet Explorer 4 allows remote attackers (malicious web site operators) to read the contents of the clipboard via the Internet WebBrowser ActiveX object.

CVSS: 2.6 CWE: N/A View on NVD
1999-01-26
Critical

CVE-1999-0347

Internet Explorer 4.01 allows remote attackers to read local files and spoof web pages via a "%01" character in an "about:" Javascript URL, which causes Internet Explorer to use the domain specified…

CVSS: 10.0 CWE: N/A View on NVD
1999-01-01
Critical

CVE-1999-0465

Remote attackers can crash Lynx and Internet Explorer using an IMG tag with a large width parameter.

CVSS: 10.0 CWE: N/A View on NVD
1998-12-01
Low

CVE-1999-0869

Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.

CVSS: 2.6 CWE: N/A View on NVD
1998-10-01
Low

CVE-1999-0870

Internet Explorer 4.01 allows remote attackers to read arbitrary files by pasting a file name into the file upload control, aka untrusted scripted paste.

CVSS: 2.6 CWE: N/A View on NVD
1998-09-04
Low

CVE-1999-0871

Internet Explorer 4.0 and 4.01 allow a remote attacker to read files via IE's cross frame security, aka the "Cross Frame Navigate" vulnerability.

CVSS: 2.6 CWE: N/A View on NVD
1998-07-28
Medium

CVE-1999-1447

Internet Explorer 4.0 allows remote attackers to cause a denial of service (crash) via HTML code that contains a long CLASSID parameter in an OBJECT tag.

CVSS: 5.0 CWE: N/A View on NVD
1998-04-01
High

CVE-1999-0537

A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc.

CVSS: 7.5 CWE: N/A View on NVD
1998-01-01
High

CVE-1999-0331

Buffer overflow in Internet Explorer 4.0(1).

CVSS: 7.5 CWE: N/A View on NVD
1997-11-01
Critical

CVE-1999-0967

Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource protocol.

CVSS: 10.0 CWE: N/A View on NVD
1997-08-05
Low

CVE-1999-1446

Internet Explorer 3 records a history of all URL's that are visited by a user in DAT files located in the Temporary Internet Files and History folders, which are not cleared when the user selects the…

CVSS: 2.1 CWE: N/A View on NVD
1997-07-08
Low

CVE-1999-0031

JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability.

CVSS: 2.6 CWE: N/A View on NVD
1997-05-04
Medium

CVE-1999-1380

Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malici…

CVSS: 5.1 CWE: N/A View on NVD
1997-04-01
High

CVE-1999-0280

Remote command execution in Microsoft Internet Explorer using .lnk and .url files.

CVSS: 7.5 CWE: N/A View on NVD
1997-03-01
Medium

CVE-1999-1128

Internet Explorer 3.01 on Windows 95 allows remote malicious web sites to execute arbitrary commands via a .isp file, which is automatically downloaded and executed without prompting the user.

CVSS: 5.1 CWE: N/A View on NVD