Microsoft Ie vulnerabilities

CVE-2005-2829 [MEDIUM] CVE-2005-2829: Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the "Run" button, aka "File Downloa

CVE-2005-4089 [HIGH] CWE-264 CVE-2005-4089: Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulner

CVE-2005-2126 [LOW] CVE-2005-2126: The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, w The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames.

CVE-2005-1989 [HIGH] CVE-2005-1989: Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain infor Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka "Web Folder Behaviors Cross-Domain Vulnerability".

CVE-2005-1990 [MEDIUM] CVE-2005-1990: Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (applicatio Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll,

CVE-2005-1988 [MEDIUM] CVE-2005-1988: Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbi Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability".

CVE-2005-2308 [HIGH] CVE-2005-2308: The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via certain crafted JPEG images, as demonstrated using (1) mov_fencepost.jpg, (2) cmp_fencepost.jpg, (3) oom_dos.jpg, or (4) random.jpg.

CVE-2005-2087 [MEDIUM] CWE-399 CVE-2005-2087: Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JV

CVE-2005-1791 [LOW] CVE-2005-1791: Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the full domain name of the URI begins with numeric sequences similar to an IP address. NOTE: if there is not an exploit scenario in which an attacker can trigger this behavior, then perhaps this issue should not be included in CVE.

CVE-2005-0055 [HIGH] CVE-2005-0055: Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML me Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability."

CVE-2005-0053 [HIGH] CVE-2005-0053: Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and dr Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."

CVE-2005-0500 [MEDIUM] CVE-2005-0500: Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to spoof the domain name of a URL in Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to spoof the domain name of a URL in a titlebar for a script-initiated popup window, which could facilitate phishing attacks.

CVE-2005-0553 [MEDIUM] CVE-2005-0553: Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability".

CVE-2005-0054 [MEDIUM] CVE-2005-0054: Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability."

CVE-2005-0056 [MEDIUM] CVE-2005-0056: Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition For Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."

CVE-2005-0110 [LOW] CVE-2005-0110: Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning di Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning dialog and possibly trick an unknowledgeable user into executing arbitrary code via a web page with a body element containing an onclick tag, as demonstrated using the createElement function.

CVE-2004-1050 [CRITICAL] CVE-2004-1050: Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."

CVE-2004-0985 [CRITICAL] CVE-2004-0985: Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demons Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a draggable file type such as .xml, .doc, .py, .cdf, .css, .pdf, or .ppt, and using ADODB.Connection and ADODB.recordset to write to a .hta file that is interpreted in the Local Zone by HTML Help.

CVE-2004-1166 [HIGH] CWE-94 CVE-2004-1166: CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.

CVE-2004-2291 [HIGH] CVE-2004-2291: Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code vi Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script.