Microsoft Internet Explorer vulnerabilities

1,594 known vulnerabilities affecting microsoft/internet_explorer.

Total CVEs: 1,594
CISA KEV: 40 (actively exploited)
Public exploits: 364
Exploited in wild: 48
Severity breakdown: CRITICAL 690, HIGH 450, MEDIUM 404, LOW 50

Vulnerabilities

CVE-2004-1050 | CRITICAL | CVSS 10.0 | PoC | v6.0 | 2004-12-31
Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."
nvd
CVE-2004-1166 | HIGH | CVSS 7.5 | CWE-94 | PoC | v6.0 | 2004-12-31
CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.
nvd
CVE-2004-2291 | HIGH | CVSS 7.5 | PoC | v5.5, v6.0 | 2004-12-31
Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script.
nvd
CVE-2004-1155 | HIGH | CVSS 7.5 | v5.0.1, v5.5, +1 more | 2004-12-31
Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows
nvd
CVE-2004-1173 | HIGH | CVSS 7.5 | v6.0 | 2004-12-31
Internet Explorer 6 allows remote attackers to bypass the popup blocker via the document object model (DOM) methods in the DHTML Dynamic HTML (DHTML) Editing Component (DEC) and Javascript that calls showModalDialog.
nvd
CVE-2004-2307 | MEDIUM | CVSS 5.0 | v6.0.2600 | 2004-12-31
Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote attackers to cause a denial of service (browser crash) via a shell: URI with double backslashes (\\) in an HTML tag such as IFRAME or A.
nvd
CVE-2004-1043 | MEDIUM | CVSS 5.0 | PoC | v6.0 | 2004-12-31
Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, whic
nvd
CVE-2004-2383 | MEDIUM | CVSS 5.1 | PoC | v5.5, v6.0 | 2004-12-31
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. NOTE: the discloser claimed that the vendor does not categor
nvd
CVE-2004-0979 | MEDIUM | CVSS 4.6 | v6.0 | 2004-12-31
Internet Explorer on Windows XP does not properly modify the "Drag and Drop or copy and paste files" setting when the user sets it to "Disable" or "Prompt," which may enable security-sensitive operations that are inconsistent with the user's intended configuration.
nvd
CVE-2004-2011 | LOW | CVSS 2.6 | v6.0.2600 | 2004-12-31
msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to cause a denial of service (crash) via a single & (ampersand) in a link, which triggers a parsing error, possibly due to missing portions of the URI.
nvd
CVE-2004-2476 | LOW | CVSS 2.6 | v6.0.2800 | 2004-12-31
Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (infinite loop and crash) via an IFRAME with "?" as the file source.
nvd
CVE-2004-2219 | LOW | CVSS 2.6 | v5.01, v5.5, +1 more | 2004-12-31
Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake.
nvd
CVE-2004-1376 | MEDIUM | CVSS 5.0 | v5.01, v5.5, +1 more | 2004-12-30
Directory traversal vulnerability in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote malicious FTP servers to overwrite arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command.
nvd
CVE-2004-0867 | HIGH | CVSS 7.5 | CWE-264 | v6.0 | 2004-12-23
Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected.
nvd
CVE-2004-0842 | HIGH | CVSS 7.5 | PoC | v5.0.1, v5.5, +1 more | 2004-12-23
Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "@;/*" string, possibly due to a missing comment terminator that may c
nvd
CVE-2004-0841 | MEDIUM | CVSS 5.0 | PoC | v5.0.1, v5.5, +1 more | 2004-12-23
Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."
nvd
CVE-2004-0284 | MEDIUM | CVSS 5.0 | v6.0 | 2004-11-23
Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.
nvd
CVE-2004-1331 | LOW | CVSS 2.6 | v6.0 | 2004-11-16
The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the "File Download - Security Warning" dialog and save arbitrary files with arbitrary extensions via the SaveAs command.
nvd
CVE-2004-0216 | CRITICAL | CVSS 10.0 | v5.01, v5.5 | 2004-11-03
Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
nvd
CVE-2004-0214 | CRITICAL | CVSS 10.0 | PoC | v6.0.2900 | 2004-11-03
Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, Windows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
nvd