Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ie
(Microsoft)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 202 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2004-06-14 | CVE-2003-1041 | Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475. | Ie, Internet_explorer | N/A | ||
2004-02-03 | CVE-2003-0814 | Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability. | Ie, Internet_explorer | N/A | ||
2004-02-03 | CVE-2003-0823 | Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027. | Ie, Internet_explorer | N/A | ||
2003-11-17 | CVE-2003-0838 | Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe). | Ie, Internet_explorer | N/A | ||
2003-11-17 | CVE-2003-0809 | Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page. | Ie, Internet_explorer | N/A | ||
2003-12-31 | CVE-2003-1559 | Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | Ie, Internet_explorer | N/A | ||
2004-01-20 | CVE-2003-1028 | The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008. | Ie, Internet_explorer | N/A | ||
2004-11-03 | CVE-2004-0845 | Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site. | Ie, Internet_explorer | N/A | ||
2004-08-18 | CVE-2004-0839 | Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html". | Definity_one_media_server, Ip600_media_servers, Modular_messaging_message_storage_server, S3400, S8100, Ie, Internet_explorer, Windows_2000, Windows_2003_server, Windows_98, Windows_98se, Windows_me, Windows_xp, Ip_softphone_2050, Mobile_voice_client_2050, Optivity_telephony_manager, Symposium_web_centre_portal, Symposium_web_client | N/A | ||
2004-02-03 | CVE-2003-0817 | Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object. | Ie, Internet_explorer | N/A |