Internet Explorer

internet_explorer

Vendor: Microsoft • 1,635 CVEs

CVEs (1,635)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2002-0269 1Microsoft 1Internet Explorer Apr 16, 2026 May 29, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expec...Show more Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks.Show less
CVE-2002-0242 1Microsoft 1Internet Explorer Apr 16, 2026 May 29, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 Cross-site scripting vulnerability in Internet Explorer 6 earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed.
CVE-2002-0193 1Microsoft 1Internet Explorer Apr 16, 2026 May 29, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the...Show more Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability.Show less
CVE-2002-0191 1Microsoft 1Internet Explorer Apr 16, 2026 May 29, 2002 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to view arbitrary files that contain the "{" character via script containing the cssText property of the stylesheet object, aka "Local Information Dis...Show more Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to view arbitrary files that contain the "{" character via script containing the cssText property of the stylesheet object, aka "Local Information Disclosure through HTML Object" vulnerability.Show less
CVE-2002-0190 1Microsoft 1Internet Explorer Apr 16, 2026 May 29, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code under fewer security restrictions via a malformed web page that requires NetBIOS connectivity, aka "Zone Spoofing through Ma...Show more Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code under fewer security restrictions via a malformed web page that requires NetBIOS connectivity, aka "Zone Spoofing through Malformed Web Page" vulnerability.Show less
CVE-2002-0189 1Microsoft 1Internet Explorer Apr 16, 2026 May 29, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local...Show more Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local HTML Resource" vulnerability.Show less
CVE-2002-0188 1Microsoft 1Internet Explorer Apr 16, 2026 May 29, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the...Show more Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the second variant of the "Content Disposition" vulnerability.Show less
CVE-2002-0078 1Microsoft 1Internet Explorer Apr 16, 2026 Mar 29, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the "Cookie-based Script Execution" vu...Show more The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the "Cookie-based Script Execution" vulnerability.Show less
CVE-2002-0136 1Microsoft 1Internet Explorer Apr 16, 2026 Mar 25, 2002 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Microsoft Internet Explorer 5.5 on Windows 98 allows remote web pages to cause a denial of service (hang) via extremely long values for form fields such as INPUT and TEXTAREA, which can be automatically filled via Javasc...Show more Microsoft Internet Explorer 5.5 on Windows 98 allows remote web pages to cause a denial of service (hang) via extremely long values for form fields such as INPUT and TEXTAREA, which can be automatically filled via Javascript.Show less
CVE-2002-0101 1Microsoft 1Internet Explorer Apr 16, 2026 Mar 25, 2002 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Microsoft Internet Explorer 6.0 and earlier allows local users to cause a denial of service via an infinite loop for modeless dialogs showModelessDialog, which causes CPU usage while the focus for the dialog is not relea...Show more Microsoft Internet Explorer 6.0 and earlier allows local users to cause a denial of service via an infinite loop for modeless dialogs showModelessDialog, which causes CPU usage while the focus for the dialog is not released.Show less
CVE-2002-0057 1Microsoft 4Internet Explorer Sql ServerWindows Xp+1 more Apr 16, 2026 Mar 8, 2002 N/A· v4 N/A· v3 5.0 MEDIUM· v2 XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
CVE-2002-0052 1Microsoft 1Internet Explorer Apr 16, 2026 Mar 8, 2002 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Internet Explorer 6.0 and earlier does not properly handle VBScript in certain domain security checks, which allows remote attackers to read arbitrary files.
CVE-2002-0027 1Microsoft 1Internet Explorer Apr 16, 2026 Mar 8, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new va...Show more Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874.Show less
CVE-2002-0026 1Microsoft 1Internet Explorer Apr 16, 2026 Mar 8, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made.
CVE-2002-0025 1Microsoft 1Internet Explorer Apr 16, 2026 Mar 8, 2002 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the Content-Type HTML header field, which allows remote attackers to modify which application is used to process a document.
CVE-2002-0024 1Microsoft 1Internet Explorer Apr 16, 2026 Mar 8, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an attacker to use the Content-Disposition and Content-Type HTML header fields to modify how the name of the file is displayed, which could trick a user int...Show more File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an attacker to use the Content-Disposition and Content-Type HTML header fields to modify how the name of the file is displayed, which could trick a user into believing that a file is safe to download.Show less
CVE-2002-0023 1Microsoft 1Internet Explorer Apr 16, 2026 Mar 8, 2002 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.
CVE-2002-0022 1Microsoft 1Internet Explorer Apr 16, 2026 Mar 8, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way...Show more Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated.Show less
CVE-2002-0077 1Microsoft 1Internet Explorer Apr 16, 2026 Jan 13, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of Local Computer zone, which allows remote attackers to invoke executables present on the local sys...Show more Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of Local Computer zone, which allows remote attackers to invoke executables present on the local system through objects such as the popup object, aka the "Local Executable Invocation via Object tag" vulnerability.Show less
CVE-2001-1539 1Microsoft 1Internet Explorer Apr 16, 2026 Dec 31, 2001 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Stack consumption vulnerability in Internet Explorer The JavaScript settimeout function in Internet Explorer allows remote attackers to cause a denial of service (crash) via the JavaScript settimeout function. NOTE: the...Show more Stack consumption vulnerability in Internet Explorer The JavaScript settimeout function in Internet Explorer allows remote attackers to cause a denial of service (crash) via the JavaScript settimeout function. NOTE: the vendor could not reproduce the problem.Show less

Previous 1...767778...82 Next