CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft » Internet Explorer : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-1999-0031 1997-07-08 2021-07-22
2.6
None Remote High Not required Partial None None
JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability.
2 CVE-1999-0468 1999-04-09 2021-07-22
2.6
None Remote High Not required Partial None None
Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component.
3 CVE-1999-0487 1999-05-01 2021-07-22
2.6
None Remote High Not required Partial None None
The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files.
4 CVE-1999-0793 1999-11-17 2021-07-22
2.6
None Remote High Not required Partial None None
Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet.
5 CVE-1999-0827 1999-11-01 2021-07-22
2.6
None Remote High Not required Partial None None
By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.
6 CVE-1999-0869 1998-12-01 2021-07-22
2.6
None Remote High Not required Partial None None
Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.
7 CVE-1999-0870 1998-10-01 2021-07-22
2.6
None Remote High Not required Partial None None
Internet Explorer 4.01 allows remote attackers to read arbitrary files by pasting a file name into the file upload control, aka untrusted scripted paste.
8 CVE-1999-0871 1998-09-04 2021-07-22
2.6
None Remote High Not required Partial None None
Internet Explorer 4.0 and 4.01 allow a remote attacker to read files via IE's cross frame security, aka the "Cross Frame Navigate" vulnerability.
9 CVE-1999-1453 1999-02-02 2021-07-22
2.6
None Remote High Not required Partial None None
Internet Explorer 4 allows remote attackers (malicious web site operators) to read the contents of the clipboard via the Internet WebBrowser ActiveX object.
10 CVE-2000-0028 Bypass 1999-12-23 2021-07-23
2.6
None Remote High Not required Partial None None
Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function.
11 CVE-2000-0266 Bypass 2000-04-18 2021-07-23
2.6
None Remote High Not required Partial None None
Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malicious applet that interacts with the Java JSObject to modify the DOM properties to set the IFRAME to an arbitrary Javascript URL.
12 CVE-2000-0439 2000-05-11 2021-07-22
2.6
None Remote High Not required Partial None None
Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the "Unauthorized Cookie Access" vulnerability.
13 CVE-2000-0503 2000-06-06 2021-07-23
2.6
None Remote High Not required Partial None None
The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows a remote attacker to violate the cross frame security policy via the NavigateComplete2 event.
14 CVE-2000-0518 2000-06-05 2021-07-22
2.6
None Remote High Not required Partial None None
Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities.
15 CVE-2000-0519 2000-06-05 2021-07-22
2.6
None Remote High Not required Partial None None
Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities.
16 CVE-2000-0767 2000-10-20 2021-07-23
2.6
None Remote High Not required Partial None None
The ActiveX control for invoking a scriptlet in Internet Explorer 4.x and 5.x renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka the "Scriptlet Rendering" vulnerability.
17 CVE-2000-0768 2000-10-20 2021-07-23
2.6
None Remote High Not required Partial None None
A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability.
18 CVE-2001-0089 2001-02-16 2021-07-23
2.6
None Remote High Not required Partial None None
Internet Explorer 5.0 through 5.5 allows remote attackers to read arbitrary files from the client via the INPUT TYPE element in an HTML form, aka the "File Upload via Form" vulnerability.
19 CVE-2001-0091 2001-02-16 2021-07-23
2.6
None Remote High Not required Partial None None
The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 through 5.5 renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka a variant of the "Scriptlet Rendering" vulnerability.
20 CVE-2001-0092 2001-02-16 2021-07-23
2.6
None Remote High Not required Partial None None
A function in Internet Explorer 5.0 through 5.5 does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a new variant of the "Frame Domain Verification" vulnerability.
21 CVE-2001-0807 2001-12-06 2021-07-22
2.6
None Remote High Not required Partial None None
Internet Explorer 5.0, and possibly other versions, may allow remote attackers (malicious web pages) to read known text files from a client's hard drive via a SCRIPT tag with a SRC value that points to the text file.
22 CVE-2001-1450 DoS 2001-05-11 2021-07-23
2.6
None Remote High Not required None None Partial
Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause a denial of service (browser crash) via a crafted FTP URL such as "/.#./".
23 CVE-2002-1444 DoS 2002-08-15 2021-07-23
2.6
None Remote High Not required None None Partial
The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and 6.0, allows remote attackers to cause a denial of service (crash with an exception in oleaut32.dll) via malicious HTML, possibly related to small width and height parameters or an incorrect call to the Google.Search() function.
24 CVE-2003-1105 DoS 2003-12-31 2021-07-23
2.6
None Remote High Not required None None Partial
Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered.
25 CVE-2004-0484 DoS 2004-07-07 2021-07-23
2.6
None Remote High Not required None None Partial
mshtml.dll in Microsoft Internet Explorer 6.0.2800 allows remote attackers to cause a denial of service (crash) via a table containing a form that crosses multiple td elements, and whose "float: left" class is defined in a link to a CSS stylesheet after the end of the table, which may trigger a null dereference.
26 CVE-2004-1331 Bypass 2004-11-16 2021-07-23
2.6
None Remote High Not required None Partial None
The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the "File Download - Security Warning" dialog and save arbitrary files with arbitrary extensions via the SaveAs command.
27 CVE-2004-1922 DoS 2004-04-11 2021-07-23
2.6
None Remote High Not required None None Partial
Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the memory size written in the BMP file instead of the actual BMP file size, which allows remote attackers to cause a denial of service (memory consumption) via a small BMP file with has a large memory size.
28 CVE-2004-2011 DoS 2004-12-31 2021-07-23
2.6
None Remote High Not required None None Partial
msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to cause a denial of service (crash) via a single & (ampersand) in a <Ref href> link, which triggers a parsing error, possibly due to missing portions of the URI.
29 CVE-2004-2219 2004-12-31 2021-07-23
2.6
None Remote High Not required None Partial None
Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake.
30 CVE-2004-2476 DoS 2004-12-31 2021-07-23
2.6
None Remote High Not required None None Partial
Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (infinite loop and crash) via an IFRAME with "?" as the file source.
31 CVE-2005-1790 399 DoS Exec Code Mem. Corr. 2005-06-01 2021-07-23
2.6
None Remote High Not required None None Partial
Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "Mismatched Document Object Model Objects Memory Corruption Vulnerability."
32 CVE-2005-2274 2005-07-13 2021-07-23
2.6
None Remote High Not required None Partial None
Microsoft Internet Explorer 6.0 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
33 CVE-2006-1192 20 2006-04-11 2021-07-23
2.6
None Remote High Not required None Partial None
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability." NOTE: this is a different vulnerability than CVE-2006-1626.
34 CVE-2006-1992 399 DoS Exec Code 2006-04-25 2021-07-23
2.6
None Remote High Not required None None Partial
mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via nested OBJECT tags, which trigger invalid pointer dereferences including NULL dereferences. NOTE: the possibility of code execution was originally theorized, but Microsoft has stated that this issue is non-exploitable.
35 CVE-2006-2766 DoS Overflow 2006-06-02 2021-07-23
2.6
None Remote High Not required None None Partial
Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file.
36 CVE-2006-3227 Bypass 2006-06-26 2021-07-23
2.6
None Remote High Not required None Partial None
Interpretation conflict between Internet Explorer and other web browsers such as Mozilla, Opera, and Firefox might allow remote attackers to modify the visual presentation of web pages and possibly bypass protection mechanisms such as content filters via ASCII characters with the 8th bit set, which could be stripped by Internet Explorer to render legible text, but not when using other browsers. NOTE: there has been significant discussion about this issue, and as of 20060625, it is not clear where the responsibility for this issue lies, although it might be due to vagueness within the associated standards. NOTE: this might only be exploitable with certain encodings.
37 CVE-2012-6502 200 +Info 2013-01-22 2013-09-03
2.6
None Remote High Not required Partial None None
Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a name-value pair from a local file via a \\127.0.0.1\C$\ sequence.
38 CVE-2016-0194 200 Bypass +Info 2016-05-11 2018-10-12
2.6
None Remote High Not required Partial None None
Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass file permissions and obtain sensitive information via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
39 CVE-2016-3261 200 +Info 2016-07-13 2018-10-12
2.6
None Remote High Not required Partial None None
Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
40 CVE-2016-3273 200 XSS +Info 2016-07-13 2018-10-12
2.6
None Remote High Not required Partial None None
The XSS Filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge does not properly restrict JavaScript code, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
41 CVE-2016-3274 284 2016-07-13 2018-10-12
2.6
None Remote High Not required None Partial None
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to conduct content-spoofing attacks via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability."
42 CVE-2016-3276 284 2016-07-13 2018-10-12
2.6
None Remote High Not required None Partial None
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to conduct content-spoofing attacks via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability."
43 CVE-2016-3277 200 +Info 2016-07-13 2018-10-12
2.6
None Remote High Not required Partial None None
Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
44 CVE-2016-3291 200 +Info 2016-09-14 2018-10-12
2.6
None Remote High Not required Partial None None
Microsoft Internet Explorer 11 and Microsoft Edge mishandle cross-origin requests, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
45 CVE-2016-3298 200 +Info 2016-10-14 2018-10-12
2.6
None Remote High Not required Partial None None
Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to determine the existence of arbitrary files via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
46 CVE-2016-3325 200 +Info 2016-09-14 2018-10-12
2.6
None Remote High Not required Partial None None
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
47 CVE-2016-3326 200 +Info 2016-08-09 2018-10-12
2.6
None Remote High Not required Partial None None
Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to obtain sensitive information via a crafted web page, aka "Microsoft Browser Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3327.
48 CVE-2016-3327 200 +Info 2016-08-09 2018-10-12
2.6
None Remote High Not required Partial None None
Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to obtain sensitive information via a crafted web page, aka "Microsoft Browser Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3326.
49 CVE-2016-3329 200 +Info 2016-08-09 2018-10-12
2.6
None Remote High Not required Partial None None
Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to determine the existence of files via a crafted webpage, aka "Internet Explorer Information Disclosure Vulnerability."
50 CVE-2016-3351 200 +Info 2016-09-14 2018-10-12
2.6
None Remote High Not required Partial None None
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
Total number of vulnerabilities : 62   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.