Product:

Ie

(Microsoft)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 202
Date Id Summary Products Score Patch Annotated
2004-07-07 CVE-2004-0420 The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP. Ie, Internet_explorer N/A
2004-02-03 CVE-2003-0815 Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability. Ie, Internet_explorer N/A
2004-11-03 CVE-2004-0843 Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability." Ie, Internet_explorer N/A
2004-02-07 CVE-2004-2090 Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist. Ie, Internet_explorer N/A
2004-04-15 CVE-2003-0513 Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. Ie, Internet_explorer N/A
2004-11-03 CVE-2004-0216 Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow. Ie, Internet_explorer N/A
2004-12-23 CVE-2004-0841 Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability." Definity_one_media_server, Ip600_media_servers, Modular_messaging_message_storage_server, S3400, S8100, Ie, Internet_explorer N/A
2004-07-27 CVE-2004-0719 Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. Ie, Internet_explorer N/A
2004-11-16 CVE-2004-1331 The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the "File Download - Security Warning" dialog and save arbitrary files with arbitrary extensions via the SaveAs command. Ie, Internet_explorer N/A
2004-12-31 CVE-2004-1050 Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability." Definity_one_media_server, Ip600_media_servers, Modular_messaging_message_storage_server, S3400, S8100, Ie, Internet_explorer N/A