Internet Explorer

internet_explorer

Vendor: Microsoft • 1,635 CVEs

CVEs (1,635)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2001-1497 1Microsoft 2Ie Internet Explorer Apr 16, 2026 Dec 31, 2001 N/A· v4 N/A· v3 2.1 LOW· v2 Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanum...Show more Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack.Show less
CVE-2001-1219 1Microsoft 1Internet Explorer Apr 16, 2026 Dec 20, 2001 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Microsoft Internet Explorer 6.0 and earlier allows malicious website operators to cause a denial of service (client crash) via JavaScript that continually refreshes the window via self.location.
CVE-2001-0727 1Microsoft 1Internet Explorer Apr 16, 2026 Dec 14, 2001 N/A· v4 N/A· v3 7.5 HIGH· v2 Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open...Show more Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution Vulnerability."Show less
CVE-2001-0874 1Microsoft 1Internet Explorer Apr 16, 2026 Dec 13, 2001 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Internet Explorer 5.5 and 6.0 allow remote attackers to read certain files via HTML that passes information from a frame in the client's domain to a frame in the web site's domain, a variant of the "Frame Domain Verifica...Show more Internet Explorer 5.5 and 6.0 allow remote attackers to read certain files via HTML that passes information from a frame in the client's domain to a frame in the web site's domain, a variant of the "Frame Domain Verification" vulnerability.Show less
CVE-2001-0807 1Microsoft 1Internet Explorer Apr 16, 2026 Dec 6, 2001 N/A· v4 N/A· v3 2.6 LOW· v2 Internet Explorer 5.0, and possibly other versions, may allow remote attackers (malicious web pages) to read known text files from a client's hard drive via a SCRIPT tag with a SRC value that points to the text file.
CVE-2001-0722 1Microsoft 1Internet Explorer Apr 16, 2026 Dec 6, 2001 N/A· v4 N/A· v3 6.4 MEDIUM· v2 Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript in an about: URL, aka the "First Cookie Handling Vulnerability."
CVE-2001-0919 1Microsoft 1Internet Explorer Apr 16, 2026 Nov 26, 2001 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Internet Explorer 5.50.4134.0100 on Windows ME with "Prompt to allow cookies to be stored on your machine" enabled does not warn a user when a cookie is set using Javascript.
CVE-2001-0875 1Microsoft 1Internet Explorer Apr 16, 2026 Nov 26, 2001 N/A· v4 N/A· v3 7.5 HIGH· v2 Internet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe t...Show more Internet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download.Show less
CVE-2001-0904 1Microsoft 1Internet Explorer Apr 16, 2026 Nov 20, 2001 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Internet Explorer 5.5 and 6 with the Q312461 (MS01-055) patch modifies the HTTP_USER_AGENT (UserAgent) information that indicates that the patch has been installed, which could allow remote malicious web sites to more ea...Show more Internet Explorer 5.5 and 6 with the Q312461 (MS01-055) patch modifies the HTTP_USER_AGENT (UserAgent) information that indicates that the patch has been installed, which could allow remote malicious web sites to more easily identify and exploit vulnerable clients.Show less
CVE-2001-0724 1Microsoft 1Internet Explorer Apr 16, 2026 Nov 14, 2001 N/A· v4 N/A· v3 7.5 HIGH· v2 Internet Explorer 5.5 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have...Show more Internet Explorer 5.5 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing Vulnerability variant" of CVE-2001-0664.Show less
CVE-2001-0723 1Microsoft 1Internet Explorer Apr 16, 2026 Nov 14, 2001 N/A· v4 N/A· v3 6.4 MEDIUM· v2 Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript, aka the "Second Cookie Handling Vulnerability."
CVE-2001-0712 1Microsoft 1Internet Explorer Apr 16, 2026 Oct 30, 2001 N/A· v4 N/A· v3 7.5 HIGH· v2 The rendering engine in Internet Explorer determines the MIME type independently of the type that is specified by the server, which allows remote servers to automatically execute script which is placed in a file whose MI...Show more The rendering engine in Internet Explorer determines the MIME type independently of the type that is specified by the server, which allows remote servers to automatically execute script which is placed in a file whose MIME type does not normally support scripting, such as text (.txt), JPEG (.jpg), etc.Show less
CVE-2001-0667 1Microsoft 1Internet Explorer Apr 16, 2026 Oct 30, 2001 N/A· v4 7.3 HIGH· v3 7.5 HIGH· v2 Internet Explorer 6 and earlier, when used with the Telnet client in Services for Unix (SFU) 2.0, allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbi...Show more Internet Explorer 6 and earlier, when used with the Telnet client in Services for Unix (SFU) 2.0, allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbitrary code into an executable file which is later executed, aka a new variant of the Telnet Invocation vulnerability as described in CVE-2001-0150.Show less
CVE-2001-0664 1Microsoft 1Internet Explorer Apr 16, 2026 Oct 30, 2001 N/A· v4 N/A· v3 7.5 HIGH· v2 Internet Explorer 5.5 and 5.01 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which...Show more Internet Explorer 5.5 and 5.01 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing vulnerability."Show less
CVE-2001-0643 1Microsoft 1Internet Explorer Apr 16, 2026 Sep 20, 2001 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Internet Explorer 5.5 does not display the Class ID (CLSID) when it is at the end of the file name, which could allow attackers to trick the user into executing dangerous programs by making it appear that the document is...Show more Internet Explorer 5.5 does not display the Class ID (CLSID) when it is at the end of the file name, which could allow attackers to trick the user into executing dangerous programs by making it appear that the document is of a safe file type.Show less
CVE-2001-0002 1Microsoft 2Internet Explorer Windows Script Host Apr 16, 2026 Jul 21, 2001 N/A· v4 N/A· v3 7.5 HIGH· v2 Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary p...Show more Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs.Show less
CVE-2001-0339 1Microsoft 1Internet Explorer Apr 16, 2026 Jun 27, 2001 N/A· v4 N/A· v3 7.5 HIGH· v2 Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the "We...Show more Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the "Web page spoofing vulnerability."Show less
CVE-2001-0338 1Microsoft 1Internet Explorer Apr 16, 2026 Jun 27, 2001 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Internet Explorer 5.5 and earlier does not properly validate digital certificates when Certificate Revocation List (CRL) checking is enabled, which could allow remote attackers to spoof trusted web sites, aka the "Server...Show more Internet Explorer 5.5 and earlier does not properly validate digital certificates when Certificate Revocation List (CRL) checking is enabled, which could allow remote attackers to spoof trusted web sites, aka the "Server certificate validation vulnerability."Show less
CVE-2001-0332 1Microsoft 1Internet Explorer Apr 16, 2026 Jun 27, 2001 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local fra...Show more Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain using MSScriptControl.ScriptControl and GetObject, aka a variant of the "Frame Domain Verification" vulnerability.Show less
CVE-2001-0246 1Microsoft 1Internet Explorer Apr 16, 2026 Jun 27, 2001 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local fra...Show more Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain, aka a variant of the "Frame Domain Verification" vulnerability.Show less

Previous 1...777879...82 Next