Microsoft Internet Explorer vulnerabilities

1,594 known vulnerabilities affecting microsoft/internet_explorer.

Total CVEs: 1,594
CISA KEV: 40 (actively exploited)
Public exploits: 364
Exploited in wild: 48
Severity breakdown: CRITICAL 690, HIGH 450, MEDIUM 404, LOW 50

Vulnerabilities

Page 72 of 80
CVE-2003-0815 | HIGH | CVSS 7.5 | v5.0.1, v5.5, +1 more | 2004-02-03
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, a
nvd
CVE-2003-1026 | CRITICAL | CVSS 9.3 | PoC | CWE-264 | v5.0, v5.0.1, +2 more | 2004-01-20
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."
nvd
CVE-2003-1027 | CRITICAL | CVSS 10.0 | v5.0, v5.0.1, +2 more | 2004-01-20
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and
nvd
CVE-2003-1028 | MEDIUM | CVSS 5.0 | v5.0, v5.0.1, +2 more | 2004-01-20
The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008.
nvd
CVE-2003-1025 | MEDIUM | CVSS 4.3 | PoC | CWE-20 | v6.0 | 2004-01-20
Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."
nvd
CVE-2003-1559 | MEDIUM | CVSS 5.0 | CWE-200 | v5.5, v6 | 2003-12-31
Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
nvd
CVE-2003-1505 | MEDIUM | CVSS 4.3 | PoC | v6 | 2003-12-31
Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) by creating a web page or HTML e-mail with a textarea in a div element whose scrollbar-base-color is modified by a CSS style, which is then moved.
nvd
CVE-2003-1105 | LOW | CVSS 2.6 | v5.01, v5.5, +1 more | 2003-12-31
Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered.
nvd
CVE-2003-0809 | HIGH | CVSS 7.5 | PoC | v5.0.1, v5.5, +1 more | 2003-11-17
Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page.
nvd
CVE-2003-0838 | HIGH | CVSS 7.5 | PoC | v5.0.1, v5.5, +1 more | 2003-11-17
Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532,
nvd
CVE-2003-0532 | HIGH | CVSS 7.5 | v5.0.1, v5.5, +1 more | 2003-08-27
Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the "Object Type" vulnerability.
nvd
CVE-2003-0531 | HIGH | CVSS 7.5 | v5.0.1, v5.5, +1 more | 2003-08-27
Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the "Browser Cache Script Execution in My Computer Zone" vulnerability.
nvd
CVE-2003-0701 | HIGH | CVSS 7.5 | PoC | v5.01, v5.5, +1 more | 2003-08-27
Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344.
nvd
CVE-2003-0530 | HIGH | CVSS 7.5 | v5.0.1, v5.5, +1 more | 2003-08-27
Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute arbitrary code.
nvd
CVE-2003-0519 | MEDIUM | CVSS 5.0 | v5.0, v6.0 | 2003-08-18
Certain versions of Internet Explorer 5 and 6, in certain Windows environments, allow remote attackers to cause a denial of service (freeze) via a URL to C:\aux (MS-DOS device name) and possibly other devices.
nvd
CVE-2001-1410 | MEDIUM | CVSS 5.0 | PoC | v5.5, v6.0 | 2003-08-18
Internet Explorer 6 and earlier allows remote attackers to create chromeless windows using the Javascript window.createPopup method, which could allow attackers to simulate a victim's display and conduct unauthorized activities or steal sensitive data via social engineering.
nvd
CVE-2003-0446 | MEDIUM | CVSS 4.3 | PoC | v5.5, v6.0 | 2003-07-24
Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly in a component that is also used by other Microsoft products, allows remote attackers to insert arbitrary web script via an XML file that contains a parse error, which inserts the script in the resulting error message.
nvd
CVE-2003-0447 | MEDIUM | CVSS 5.1 | PoC | v5.01, v5.5, +1 more | 2003-07-24
The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute script in the Local Zone via an argument to shdocvw.dll that causes a "javascript:" link to be generated.
nvd
CVE-2003-0344 | HIGH | CVSS 7.5 | PoC | v5.01, v5.5, +1 more | 2003-06-16
Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.
nvd
CVE-2003-0309 | HIGH | CVSS 7.5 | PoC | v6.0.2800 | 2003-06-09
Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause Internet Explorer to execute the program, as demonstrated using a
nvd