Microsoft Internet Explorer vulnerabilities

CVE-2004-0845 [MEDIUM] CVE-2004-0845: Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attacker Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.

CVE-2004-0843 [MEDIUM] CVE-2004-0843: Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attacke Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."

CVE-2004-0866 [HIGH] CVE-2004-0866: Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such a Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.

CVE-2004-0839 [MEDIUM] CVE-2004-0839: Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attack Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".

CVE-2004-0549 [CRITICAL] CVE-2004-0549: The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations,

CVE-2004-0526 [MEDIUM] CVE-2004-0526: Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL i Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.

CVE-2004-0727 [HIGH] CVE-2004-0727: Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redi

CVE-2003-1048 [HIGH] CWE-415 CVE-2003-1048: Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.

CVE-2004-0719 [HIGH] CVE-2004-0719: Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, doe Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.

CVE-2004-0566 [HIGH] CVE-2004-0566: Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code vi Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value.

CVE-2004-0420 [CRITICAL] CVE-2004-0420: The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, a The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP.

CVE-2004-0484 [LOW] CVE-2004-0484: mshtml.dll in Microsoft Internet Explorer 6.0.2800 allows remote attackers to cause a denial of serv mshtml.dll in Microsoft Internet Explorer 6.0.2800 allows remote attackers to cause a denial of service (crash) via a table containing a form that crosses multiple td elements, and whose "float: left" class is defined in a link to a CSS stylesheet after the end of the table, which may trigger a null dereference.

CVE-2003-1041 [HIGH] CVE-2003-1041: Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified d Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.

CVE-2003-0513 [HIGH] CVE-2003-0513: Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.

CVE-2004-1922 [LOW] CVE-2004-1922: Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the memory size written in the BMP Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the memory size written in the BMP file instead of the actual BMP file size, which allows remote attackers to cause a denial of service (memory consumption) via a small BMP file with has a large memory size.

CVE-2004-2090 [MEDIUM] CVE-2004-2090: Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist.

CVE-2003-0823 [HIGH] CVE-2003-0823: Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and ot Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.

CVE-2003-0814 [HIGH] CVE-2003-0814: Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.

CVE-2003-0816 [HIGH] CVE-2003-0816: Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag fo

CVE-2003-0817 [HIGH] CVE-2003-0817: Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read ar Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.