Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ie
(Microsoft)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 202 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2004-07-07 | CVE-2004-0420 | The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP. | Ie, Internet_explorer | N/A | ||
2004-02-03 | CVE-2003-0815 | Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability. | Ie, Internet_explorer | N/A | ||
2004-11-03 | CVE-2004-0843 | Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability." | Ie, Internet_explorer | N/A | ||
2004-02-07 | CVE-2004-2090 | Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist. | Ie, Internet_explorer | N/A | ||
2004-04-15 | CVE-2003-0513 | Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. | Ie, Internet_explorer | N/A | ||
2004-11-03 | CVE-2004-0216 | Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow. | Ie, Internet_explorer | N/A | ||
2004-12-23 | CVE-2004-0841 | Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability." | Definity_one_media_server, Ip600_media_servers, Modular_messaging_message_storage_server, S3400, S8100, Ie, Internet_explorer | N/A | ||
2004-07-27 | CVE-2004-0719 | Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. | Ie, Internet_explorer | N/A | ||
2004-11-16 | CVE-2004-1331 | The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the "File Download - Security Warning" dialog and save arbitrary files with arbitrary extensions via the SaveAs command. | Ie, Internet_explorer | N/A | ||
2004-12-31 | CVE-2004-1050 | Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability." | Definity_one_media_server, Ip600_media_servers, Modular_messaging_message_storage_server, S3400, S8100, Ie, Internet_explorer | N/A |