Microsoft Internet Explorer vulnerabilities

CVE-2002-1254 [HIGH] CVE-2002-1254: Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."

CVE-2002-1186 [MEDIUM] CVE-2002-1186: Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded char Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure."

CVE-2002-1185 [MEDIUM] CVE-2002-1185: Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when ope Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."

CVE-2002-1188 [MEDIUM] CVE-2002-1188: Internet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Int Internet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security checks, aka "Temporary Internet Files folders Name Reading."

CVE-2002-1187 [MEDIUM] CVE-2002-1187: Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attacke Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the or element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource.

CVE-2002-1142 [HIGH] CVE-2002-1142: Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Comp Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.

CVE-2002-1217 [HIGH] CVE-2002-1217: Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6 Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses and domain restrictions.

CVE-2002-0691 [HIGH] CVE-2002-0691: Microsoft Internet Explorer 5.01 and 5.5 allows remote attackers to execute scripts in the Local Com Microsoft Internet Explorer 5.01 and 5.5 allows remote attackers to execute scripts in the Local Computer zone via a URL that references a local HTML resource file, a variant of "Cross-Site Scripting in Local HTML Resource" as identified by CAN-2002-0189.

CVE-2002-0980 [HIGH] CVE-2002-0980: The Web Folder component for Internet Explorer 5.5 and 6.0 writes an error message to a known locati The Web Folder component for Internet Explorer 5.5 and 6.0 writes an error message to a known location in the temporary folder, which allows remote attackers to execute arbitrary code by injecting it into the error message, then referring to the error message file via a mhtml: URL.

CVE-2002-0722 [HIGH] CVE-2002-0722: Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to misrepresent the source of Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to misrepresent the source of a file in the File Download dialogue box to trick users into thinking that the file type is safe to download, aka "File Origin Spoofing."

CVE-2002-0647 [HIGH] CVE-2002-0647: Buffer overflow in a legacy ActiveX control used to display specially formatted text in Microsoft In Buffer overflow in a legacy ActiveX control used to display specially formatted text in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code, aka "Buffer Overrun in Legacy Text Formatting ActiveX Control".

CVE-2002-0723 [HIGH] CVE-2002-0723: Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the domain of a frame within a brow Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the domain of a frame within a browser window, which allows remote attackers to read client files or invoke executable objects via the Object tag, aka "Cross Domain Verification in Object Tag."

CVE-2002-0648 [MEDIUM] CVE-2002-0648: The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 The legacy data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.

CVE-2002-0976 [MEDIUM] CVE-2002-0976: Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that accesses a legacy XML Datasource applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to point to the local system, which is trusted by the applet.

CVE-2002-1444 [LOW] CVE-2002-1444: The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and 6.0, allows remote attackers to The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and 6.0, allows remote attackers to cause a denial of service (crash with an exception in oleaut32.dll) via malicious HTML, possibly related to small width and height parameters or an incorrect call to the Google.Search() function.

CVE-2002-0815 [HIGH] CVE-2002-0815: The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Inte The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the informatio

CVE-2002-0832 [HIGH] CVE-2002-0832: Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass cookie privacy settings and store Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass cookie privacy settings and store information across browser sessions via the userData (storeuserData) feature.

CVE-2002-0461 [MEDIUM] CVE-2002-0461: Internet Explorer 5.01 through 6 allows remote attackers to cause a denial of service (application c Internet Explorer 5.01 through 6 allows remote attackers to cause a denial of service (application crash) via Javascript in a web page that calls location.replace on itself, causing a loop.

CVE-2002-0500 [MEDIUM] CVE-2002-0500: Internet Explorer 5.0 through 6.0 allows remote attackers to determine the existence of files on the Internet Explorer 5.0 through 6.0 allows remote attackers to determine the existence of files on the client via an IMG tag with a dynsrc property that references the target file, which sets certain elements of the image object such as file size.

CVE-2002-0371 [HIGH] CVE-2002-0371: Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.