Product:

Ie

(Microsoft)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 202
Date Id Summary Products Score Patch Annotated
2004-06-14 CVE-2003-1041 Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475. Ie, Internet_explorer N/A
2004-02-03 CVE-2003-0814 Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability. Ie, Internet_explorer N/A
2004-02-03 CVE-2003-0823 Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027. Ie, Internet_explorer N/A
2003-11-17 CVE-2003-0838 Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe). Ie, Internet_explorer N/A
2003-11-17 CVE-2003-0809 Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page. Ie, Internet_explorer N/A
2003-12-31 CVE-2003-1559 Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. Ie, Internet_explorer N/A
2004-01-20 CVE-2003-1028 The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008. Ie, Internet_explorer N/A
2004-11-03 CVE-2004-0845 Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site. Ie, Internet_explorer N/A
2004-08-18 CVE-2004-0839 Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html". Definity_one_media_server, Ip600_media_servers, Modular_messaging_message_storage_server, S3400, S8100, Ie, Internet_explorer, Windows_2000, Windows_2003_server, Windows_98, Windows_98se, Windows_me, Windows_xp, Ip_softphone_2050, Mobile_voice_client_2050, Optivity_telephony_manager, Symposium_web_centre_portal, Symposium_web_client N/A
2004-02-03 CVE-2003-0817 Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object. Ie, Internet_explorer N/A