Microsoft Ie vulnerabilities

CVE-2002-1142 [HIGH] CVE-2002-1142: Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Comp Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.

CVE-2002-0153 [HIGH] CVE-2002-0153: Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke loc Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the "Local Applescript Invocation" vulnerability.

CVE-2002-0152 [HIGH] CVE-2002-0152: Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a d Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v.

CVE-2001-1489 [MEDIUM] CVE-2001-1489: Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.

CVE-2001-1497 [LOW] CVE-2001-1497: Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanu Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack.

CVE-2001-1218 [LOW] CVE-2001-1218: Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.

CVE-2001-0665 [HIGH] CVE-2001-0665: Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automat Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the "HTTP Request Encoding vulnerability."

CVE-2000-1061 [MEDIUM] CVE-2000-1061: Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the "Microsoft VM ActiveX Component" vulnerability.

CVE-2000-0768 [LOW] CVE-2000-0768: A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability.

CVE-2000-0519 [LOW] CVE-2000-0519: Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establish Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities.

CVE-2000-0518 [LOW] CVE-2000-0518: Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a conne Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities.

CVE-2000-0160 [HIGH] CVE-2000-0160: The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attack The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft.

CVE-2000-0162 [MEDIUM] CVE-2000-0162: The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability.

CVE-1999-0876 [CRITICAL] CWE-119 CVE-1999-0876: Buffer overflow in Internet Explorer 4.0 via EMBED tag. Buffer overflow in Internet Explorer 4.0 via EMBED tag.

CVE-2000-0028 [LOW] CVE-2000-0028: Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function.

CVE-2000-0036 [MEDIUM] CVE-2000-0036: Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka t Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability.

CVE-1999-0989 [HIGH] CVE-1999-0989: Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to exec Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol.

CVE-1999-0839 [HIGH] CWE-264 CVE-1999-0839: Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by mod Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled.

CVE-2000-0329 [MEDIUM] CVE-2000-0329: A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an atta A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability.

CVE-1999-0827 [LOW] CVE-1999-0827: By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across differe By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.