CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft » IE : Security Vulnerabilities Published In 2002

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2002-2311 264 2002-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue.
2 CVE-2002-2125 2002-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user's local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle (MITM) attack.
3 CVE-2002-2062 XSS 2002-12-31 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in ftp.htt in Internet Explorer 5.5 and 6.0, when running on Windows 2000 with "Enable folder view for FTP sites" and "Enable Web content in folders" selected, allows remote attackers to inject arbitrary web script or HTML via the hostname portion of an FTP URL.
4 CVE-2002-2031 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled allows remote attackers to determine the existence of arbitrary files via a script tag with a src parameter that references a non-JavaScript file, then using the onError event handler to monitor the results.
5 CVE-2002-1984 DoS 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of "CLSID:00022613-0000-0000-C000-000000000046".
6 CVE-2002-1824 2002-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability.
7 CVE-2002-1714 DoS 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type "text/html" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion.
8 CVE-2002-1705 DoS 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to cause a denial of service (crash) via a Cascading Style Sheet (CSS) with the p{cssText} element declared and a bold font weight.
9 CVE-2002-1688 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
The browser history feature in Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to execute arbitrary script as other users and steal authentication information via cookies by injecting JavaScript into the URL, which is executed when the user hits the Back button.
10 CVE-2002-1671 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote attackers to monitor the contents of the clipboard via the getData method of the clipboardData object.
11 CVE-2002-1670 2002-12-31 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Microsoft Windows XP Professional upgrade edition overwrites previously installed patches for Internet Explorer 6.0, leaving Internet Explorer unpatched.
12 CVE-2002-1444 DoS 2002-08-15 2008-09-05
2.6
None Remote High Not required None None Partial
The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and 6.0, allows remote attackers to cause a denial of service (crash with an exception in oleaut32.dll) via malicious HTML, possibly related to small width and height parameters or an incorrect call to the Google.Search() function.
13 CVE-2002-1262 2002-12-18 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Internet Explorer 5.5 and 6.0 does not perform complete security checks on external caching, which allows remote attackers to read arbitrary files.
14 CVE-2002-1254 Exec Code Bypass 2002-12-11 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."
15 CVE-2002-1217 Exec Code Bypass 2002-10-28 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions.
16 CVE-2002-1188 +Info 2002-12-11 2008-09-10
6.4
None Remote Low Not required Partial Partial None
Internet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security checks, aka "Temporary Internet Files folders Name Reading."
17 CVE-2002-1187 XSS 2002-12-11 2008-09-10
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource.
18 CVE-2002-1186 2002-12-11 2008-09-10
5.0
None Remote Low Not required Partial None None
Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure."
19 CVE-2002-1185 DoS Overflow 2002-12-11 2008-09-10
5.0
None Remote Low Not required None None Partial
Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."
20 CVE-2002-1142 Exec Code Overflow 2002-11-29 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
21 CVE-2002-0980 Exec Code 2002-09-24 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
The Web Folder component for Internet Explorer 5.5 and 6.0 writes an error message to a known location in the temporary folder, which allows remote attackers to execute arbitrary code by injecting it into the error message, then referring to the error message file via a mhtml: URL.
22 CVE-2002-0976 2002-09-24 2008-09-10
6.4
None Remote Low Not required Partial Partial None
Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that accesses a legacy XML Datasource applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to point to the local system, which is trusted by the applet.
23 CVE-2002-0862 2002-10-04 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.
24 CVE-2002-0832 Bypass 2002-08-12 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass cookie privacy settings and store information across browser sessions via the userData (storeuserData) feature.
25 CVE-2002-0815 2002-08-12 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.
26 CVE-2002-0723 2002-09-24 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the domain of a frame within a browser window, which allows remote attackers to read client files or invoke executable objects via the Object tag, aka "Cross Domain Verification in Object Tag."
27 CVE-2002-0722 2002-09-24 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to misrepresent the source of a file in the File Download dialogue box to trick users into thinking that the file type is safe to download, aka "File Origin Spoofing."
28 CVE-2002-0691 XSS 2002-09-24 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Microsoft Internet Explorer 5.01 and 5.5 allows remote attackers to execute scripts in the Local Computer zone via a URL that references a local HTML resource file, a variant of "Cross-Site Scripting in Local HTML Resource" as identified by CAN-2002-0189.
29 CVE-2002-0648 2002-09-24 2008-09-10
5.0
None Remote Low Not required Partial None None
The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.
30 CVE-2002-0647 Exec Code Overflow 2002-09-24 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in a legacy ActiveX control used to display specially formatted text in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code, aka "Buffer Overrun in Legacy Text Formatting ActiveX Control".
31 CVE-2002-0500 2002-08-12 2008-09-05
5.0
None Remote Low Not required Partial None None
Internet Explorer 5.0 through 6.0 allows remote attackers to determine the existence of files on the client via an IMG tag with a dynsrc property that references the target file, which sets certain elements of the image object such as file size.
32 CVE-2002-0461 DoS 2002-08-12 2008-09-05
5.0
None Remote Low Not required None None Partial
Internet Explorer 5.01 through 6 allows remote attackers to cause a denial of service (application crash) via Javascript in a web page that calls location.replace on itself, causing a loop.
33 CVE-2002-0371 Exec Code Overflow 2002-07-03 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.
34 CVE-2002-0269 XSS 2002-05-29 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks.
35 CVE-2002-0242 XSS 2002-05-29 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Internet Explorer 6 earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed.
36 CVE-2002-0193 Exec Code 2002-05-29 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability.
37 CVE-2002-0191 2002-05-29 2008-09-10
5.0
None Remote Low Not required Partial None None
Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to view arbitrary files that contain the "{" character via script containing the cssText property of the stylesheet object, aka "Local Information Disclosure through HTML Object" vulnerability.
38 CVE-2002-0190 Exec Code 2002-05-29 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code under fewer security restrictions via a malformed web page that requires NetBIOS connectivity, aka "Zone Spoofing through Malformed Web Page" vulnerability.
39 CVE-2002-0189 XSS 2002-05-29 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local HTML Resource" vulnerability.
40 CVE-2002-0188 Exec Code 2002-05-29 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the second variant of the "Content Disposition" vulnerability.
41 CVE-2002-0153 Bypass 2002-04-22 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the "Local Applescript Invocation" vulnerability.
42 CVE-2002-0152 DoS Exec Code Overflow 2002-04-22 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.
43 CVE-2002-0136 DoS 2002-03-25 2008-09-10
5.0
None Remote Low Not required None None Partial
Microsoft Internet Explorer 5.5 on Windows 98 allows remote web pages to cause a denial of service (hang) via extremely long values for form fields such as INPUT and TEXTAREA, which can be automatically filled via Javascript.
44 CVE-2002-0101 DoS 2002-03-25 2008-09-10
5.0
None Remote Low Not required None None Partial
Microsoft Internet Explorer 6.0 and earlier allows local users to cause a denial of service via an infinite loop for modeless dialogs showModelessDialog, which causes CPU usage while the focus for the dialog is not released.
45 CVE-2002-0078 2002-03-29 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the "Cookie-based Script Execution" vulnerability.
46 CVE-2002-0077 2002-01-13 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of Local Computer zone, which allows remote attackers to invoke executables present on the local system through objects such as the popup object, aka the "Local Executable Invocation via Object tag" vulnerability.
47 CVE-2002-0057 2002-03-08 2008-09-10
5.0
None Remote Low Not required Partial None None
XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
48 CVE-2002-0052 2002-03-08 2008-09-10
5.0
None Remote Low Not required Partial None None
Internet Explorer 6.0 and earlier does not properly handle VBScript in certain domain security checks, which allows remote attackers to read arbitrary files.
49 CVE-2002-0027 2002-03-08 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874.
50 CVE-2002-0026 Bypass 2002-03-08 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made.
Total number of vulnerabilities : 54   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.