cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp2:*:*:*:*:*:*
Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue, aka "Drag and Drop Information Disclosure Vulnerability." NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release.
Max CVSS
4.3
EPSS Score
2.29%
Published
2011-06-03
Updated
2021-07-23
Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue.
Max CVSS
4.3
EPSS Score
0.85%
Published
2011-06-03
Updated
2021-07-23
The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.
Max CVSS
5.0
EPSS Score
0.40%
Published
2011-12-07
Updated
2021-07-23
Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.
Max CVSS
5.0
EPSS Score
0.42%
Published
2009-08-24
Updated
2021-07-23
Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected.
Max CVSS
5.0
EPSS Score
2.06%
Published
2009-07-22
Updated
2021-07-23
Microsoft Internet Explorer 5 through 8 allows remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
Max CVSS
4.3
EPSS Score
4.44%
Published
2009-07-20
Updated
2018-10-10
Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.
Max CVSS
5.8
EPSS Score
0.10%
Published
2009-06-15
Updated
2021-07-23
Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
Max CVSS
5.8
EPSS Score
0.33%
Published
2009-06-15
Updated
2021-07-23
Microsoft Internet Explorer 7 and earlier allows remote attackers to bypass the "File Download - Security Warning" dialog box and download arbitrary .exe files by placing a '?' (question mark) followed by a non-.exe filename after the .exe filename, as demonstrated by (1) .txt, (2) .cda, (3) .log, (4) .dif, (5) .sol, (6) .htt, (7) .itpc, (8) .itms, (9) .dvr-ms, (10) .dib, (11) .asf, (12) .tif, and unspecified other extensions, a different issue than CVE-2004-1331. NOTE: this issue might not cross privilege boundaries, although it does bypass an intended protection mechanism.
Max CVSS
7.5
EPSS Score
3.11%
Published
2007-10-14
Updated
2021-07-23
Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file.
Max CVSS
4.3
EPSS Score
0.27%
Published
2007-09-12
Updated
2021-07-23

CVE-2007-1765

Public exploit
Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.
Max CVSS
9.3
EPSS Score
3.09%
Published
2007-03-30
Updated
2021-07-23
Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a table element with a CSS attribute that sets the position, which triggers an "unhandled exception" in mshtml.dll.
Max CVSS
5.0
EPSS Score
21.39%
Published
2007-02-23
Updated
2023-12-15
Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a frameset with only one frame that calls resizeTo with certain arguments. NOTE: this issue might be related to CVE-2006-3637.
Max CVSS
5.0
EPSS Score
12.14%
Published
2007-02-23
Updated
2021-07-23
Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via certain DHTML script functions, such as normalize, and "incorrectly created elements" that trigger memory corruption, aka "DHTML Script Function Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
77.82%
Published
2006-12-12
Updated
2021-07-23
jscript.dll in Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (application crash) via a Shockwave Flash object that contains ActionScript code that calls VBScript, which in turn calls the Javascript document.write function, which triggers a null dereference.
Max CVSS
5.0
EPSS Score
28.13%
Published
2006-02-08
Updated
2021-07-23
The CLSID_ApprenticeICW control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.
Max CVSS
7.1
EPSS Score
2.19%
Published
2005-12-31
Updated
2021-07-23
The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.
Max CVSS
4.3
EPSS Score
0.58%
Published
2011-12-07
Updated
2021-07-23
Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that accesses a legacy XML Datasource applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to point to the local system, which is trusted by the applet.
Max CVSS
6.4
EPSS Score
95.06%
Published
2002-09-24
Updated
2021-07-23
Cross-site scripting vulnerability in Internet Explorer 6 earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed.
Max CVSS
7.5
EPSS Score
1.26%
Published
2002-05-29
Updated
2021-07-23
Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack.
Max CVSS
2.1
EPSS Score
0.07%
Published
2001-12-31
Updated
2021-07-23
Internet Explorer 6 and earlier, when used with the Telnet client in Services for Unix (SFU) 2.0, allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbitrary code into an executable file which is later executed, aka a new variant of the Telnet Invocation vulnerability as described in CVE-2001-0150.
Max CVSS
7.5
EPSS Score
0.45%
Published
2001-10-30
Updated
2024-02-13
Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the "Web page spoofing vulnerability."
Max CVSS
7.5
EPSS Score
86.79%
Published
2001-06-27
Updated
2021-07-23
Internet Explorer 5.5 and earlier does not properly validate digital certificates when Certificate Revocation List (CRL) checking is enabled, which could allow remote attackers to spoof trusted web sites, aka the "Server certificate validation vulnerability."
Max CVSS
5.1
EPSS Score
1.02%
Published
2001-06-27
Updated
2021-07-23
Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain, aka a variant of the "Frame Domain Verification" vulnerability.
Max CVSS
5.0
EPSS Score
0.40%
Published
2001-06-27
Updated
2021-07-23
HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly.
Max CVSS
7.5
EPSS Score
3.37%
Published
2001-05-03
Updated
2021-07-23
51 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!