# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
1 | CVE-2011-2383 | 20 | | | 2011-06-03 | 2021-07-23 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue, aka "Drag and Drop Information Disclosure Vulnerability." NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release. |
2 | CVE-2011-2382 | 20 | | | 2011-06-03 | 2021-07-23 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, do not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue. |
3 | CVE-2010-5071 | 264 | | +Info | 2011-12-07 | 2021-07-23 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. |
4 | CVE-2009-2954 | 20 | | DoS | 2009-08-24 | 2021-07-23 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715. |
5 | CVE-2009-2576 | 399 | | DoS | 2009-07-22 | 2021-07-23 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected. |
6 | CVE-2009-2069 | 287 | | | 2009-06-15 | 2021-07-23 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request. |
7 | CVE-2009-2057 | 287 | | | 2009-06-15 | 2021-07-23 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. |
8 | CVE-2007-4848 | | | | 2007-09-12 | 2021-07-23 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file. |
9 | CVE-2006-0585 | | | DoS | 2006-02-08 | 2021-07-23 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
jscript.dll in Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (application crash) via a Shockwave Flash object that contains ActionScript code that calls VBScript, which in turn calls the Javascript document.write function, which triggers a null dereference. |
10 | CVE-2002-2435 | 200 | | +Info | 2011-12-07 | 2021-07-23 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264. |
11 | CVE-2002-0976 | | | | 2002-09-24 | 2021-07-23 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None |
Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that accesses a legacy XML Datasource applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to point to the local system, which is trusted by the applet. |
12 | CVE-2001-1497 | | | | 2001-12-31 | 2021-07-23 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack. |
13 | CVE-2001-0322 | | | DoS | 2001-06-02 | 2021-07-22 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (application crash) via a script that creates and deletes an object that is associated with the browser window object. |
14 | CVE-2001-0091 | | | | 2001-02-16 | 2021-07-23 | 2.6 | None | Remote | High | Not required | Partial | None | None |
The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 through 5.5 renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka a variant of the "Scriptlet Rendering" vulnerability. |
15 | CVE-2000-0982 | | | | 2000-12-19 | 2021-07-23 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Internet Explorer before 5.5 forwards cached user credentials for a secure web site to insecure pages on the same web site, which could allow remote attackers to obtain the credentials by monitoring connections to the web server, aka the "Cached Web Credentials" vulnerability. |
16 | CVE-2000-0768 | | | | 2000-10-20 | 2021-07-23 | 2.6 | None | Remote | High | Not required | Partial | None | None |
A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability. |
17 | CVE-2000-0767 | | | | 2000-10-20 | 2021-07-23 | 2.6 | None | Remote | High | Not required | Partial | None | None |
The ActiveX control for invoking a scriptlet in Internet Explorer 4.x and 5.x renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka the "Scriptlet Rendering" vulnerability. |
18 | CVE-2000-0519 | | | | 2000-06-05 | 2021-07-22 | 2.6 | None | Remote | High | Not required | Partial | None | None |
Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities. |
19 | CVE-2000-0518 | | | | 2000-06-05 | 2021-07-22 | 2.6 | None | Remote | High | Not required | Partial | None | None |
Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities. |
20 | CVE-2000-0503 | | | | 2000-06-06 | 2021-07-23 | 2.6 | None | Remote | High | Not required | Partial | None | None |
The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows a remote attacker to violate the cross frame security policy via the NavigateComplete2 event. |
21 | CVE-2000-0465 | | | | 2000-05-17 | 2021-07-23 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial |
Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files via the frame, aka the "Frame Domain Verification" vulnerability. |
22 | CVE-2000-0464 | | | Exec Code Overflow | 2000-05-17 | 2021-07-23 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete |
Internet Explorer 4.x and 5.x allows remote attackers to execute arbitrary commands via a buffer overflow in the ActiveX parameter parsing capability, aka the "Malformed Component Attribute" vulnerability. |
23 | CVE-2000-0439 | | | | 2000-05-11 | 2021-07-22 | 2.6 | None | Remote | High | Not required | Partial | None | None |
Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the "Unauthorized Cookie Access" vulnerability. |
24 | CVE-2000-0329 | | | | 1999-11-11 | 2021-07-22 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial |
A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability. |
25 | CVE-2000-0162 | | | | 2000-02-18 | 2021-07-22 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial |
The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability. |
26 | CVE-2000-0156 | | | | 2000-02-16 | 2021-07-23 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial |
Internet Explorer 4.x and 5.x allows remote web servers to access files on the client that are outside of its security domain, aka the "Image Source Redirect" vulnerability. |
27 | CVE-2000-0061 | | | | 2000-01-07 | 2021-07-23 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document has been loaded, which could allow remote attackers to execute Javascript in a different security context while the document is loading. |
28 | CVE-2000-0028 | | | Bypass | 1999-12-23 | 2021-07-23 | 2.6 | None | Remote | High | Not required | Partial | None | None |
Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function. |
29 | CVE-1999-1473 | | | | 1999-12-31 | 2021-07-22 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
When a Web site redirects the browser to another site, Internet Explorer 3.02 and 4.0 automatically resends authentication information to the second site, aka the "Page Redirect Issue." |
30 | CVE-1999-1472 | | | | 1999-12-31 | 2021-07-22 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Internet Explorer 4.0 allows remote attackers to read arbitrary text and HTML files on the user's machine via a small IFRAME that uses Dynamic HTML (DHTML) to send the data to the attacker, aka the Freiburg text-viewing issue. |
31 | CVE-1999-1453 | | | | 1999-02-02 | 2021-07-22 | 2.6 | None | Remote | High | Not required | Partial | None | None |
Internet Explorer 4 allows remote attackers (malicious web site operators) to read the contents of the clipboard via the Internet WebBrowser ActiveX object. |
32 | CVE-1999-1447 | | | DoS | 1998-07-28 | 2021-07-22 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Internet Explorer 4.0 allows remote attackers to cause a denial of service (crash) via HTML code that contains a long CLASSID parameter in an OBJECT tag. |
33 | CVE-1999-1093 | | | Exec Code Overflow | 1999-12-31 | 2021-07-22 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial |
Buffer overflow in the Window.External function in the JScript Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows remote attackers to execute arbitrary commands via a malicious web page. |
34 | CVE-1999-1087 | | | | 1999-12-31 | 2021-07-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Internet Explorer 4 treats a 32-bit number ("dotless IP address") in a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by using URLs that contain the dotless IP address for their server. |
35 | CVE-1999-0967 | | | Overflow | 1997-11-01 | 2021-07-22 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource protocol. |
36 | CVE-1999-0917 | | | | 1999-05-27 | 2021-07-22 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial |
The Preloader ActiveX control used by Internet Explorer allows remote attackers to read arbitrary files. |
37 | CVE-1999-0876 | 119 | | Overflow | 2000-01-04 | 2021-07-22 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Buffer overflow in Internet Explorer 4.0 via EMBED tag. |
38 | CVE-1999-0871 | | | | 1998-09-04 | 2021-07-22 | 2.6 | None | Remote | High | Not required | Partial | None | None |
Internet Explorer 4.0 and 4.01 allow a remote attacker to read files via IE's cross frame security, aka the "Cross Frame Navigate" vulnerability. |
39 | CVE-1999-0869 | | | | 1998-12-01 | 2021-07-22 | 2.6 | None | Remote | High | Not required | Partial | None | None |
Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing. |
40 | CVE-1999-0827 | | | | 1999-11-01 | 2021-07-22 | 2.6 | None | Remote | High | Not required | Partial | None | None |
By default, Internet Explorer 5.0 and other versions enable the "Navigate sub-frames across different domains" option, which allows frame spoofing. |
41 | CVE-1999-0670 | | | Exec Code Overflow | 1999-09-01 | 2021-07-22 | 4.0 | None | Remote | High | Not required | Partial | Partial | None |
Buffer overflow in the Eyedog ActiveX control allows a remote attacker to execute arbitrary commands. |
42 | CVE-1999-0669 | | | Exec Code | 1999-09-01 | 2021-07-22 | 4.0 | None | Remote | High | Not required | Partial | Partial | None |
The Eyedog ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy. |
43 | CVE-1999-0668 | | | Exec Code | 1999-08-21 | 2021-07-22 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial |
The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy. |
44 | CVE-1999-0490 | | | | 1999-04-21 | 2021-07-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn information about a local user's files via an IMG SRC tag. |
45 | CVE-1999-0488 | | | | 1999-04-21 | 2021-07-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Internet Explorer 4.0 and 5.0 allows a remote attacker to execute security scripts in a different security context using malicious URLs, a variant of the "cross frame" vulnerability. |
46 | CVE-1999-0487 | | | | 1999-05-01 | 2021-07-22 | 2.6 | None | Remote | High | Not required | Partial | None | None |
The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files. |
47 | CVE-1999-0354 | | | | 1999-11-01 | 2021-07-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains executable content. Also applies to Outlook when the client views a malicious email message. |
48 | CVE-1999-0331 | | | Overflow | 1998-01-01 | 2021-07-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Buffer overflow in Internet Explorer 4.0(1). |
49 | CVE-1999-0031 | | | | 1997-07-08 | 2021-07-22 | 2.6 | None | Remote | High | Not required | Partial | None | None |
JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability. |